A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


I Love myBFF (Brute Force Framework) - Kirk Hayes Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

I Love myBFF (Brute Force Framework)
Kirk Hayes
Derbycon 2016

This presentation will feature the release of a new open source tool which combines fingerprinting and brute forcing against some common web applications, including Citrix, HP, Juniper, and MobileIron, to add intelligence to password guessing. Better yet, this tool is modular, allowing the easy expansion of the tool to include not only other web applications, but also other services. We will look at different password guessing techniques, their shortcomings, and how myBFF can address these shortcomings. The best part is that the tool will do more than just tell you if a credential pair is valid! You don?t want to miss this!

Kirk is a Security Consultant with Rapid7. Kirk has designed Capture-the-Flag (CTF) challenges, created CyberCity missions, and mentored members of the CyberAces and VetSuccess programs. Kirk recently introduced his tool backHack, a tool to allow a user to backup, extract, modify, and restore applications, which can be found on the Rapid7 MooseDojo Github page (https://github.com/MooseDojo/backHack). This tool allows users a simple, non-root required, method to view and modify files that are part of an Android application. Kirk has also released other scripts and contributed to PTF (Penetration Testers Framework), Serpico, and Metasploit modules.

@kirkphayes

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast