Comments for Explore Security https://www.exploresecurity.com IT security tools, techniques and commentary Sun, 07 Sep 2025 03:12:25 +0000 hourly 1 http://wordpress.org/?v=3.6.1 Comment on The Small Print for OpenSSL legacy_renegotiation by Desain https://www.exploresecurity.com/the-small-print-for-openssl-legacy_renegotiation/#comment-91391 Desain Sun, 07 Sep 2025 03:12:25 +0000 http://www.exploresecurity.com/?p=245#comment-91391 How do you balance the trade-off between backward compatibility (supporting old servers) and strict security enforcement when dealing with SSL/TLS legacy options?

]]> Comment on Testing for Cipher Suite Preference by Jerome https://www.exploresecurity.com/testing-for-cipher-suite-preference/#comment-91385 Jerome Mon, 01 Sep 2025 08:46:18 +0000 http://www.exploresecurity.com/?p=296#comment-91385 Clearly manual testing is much slower. That’s why a tool is useful. Manual testing is used to provide definitive evidence of a particular result from an automated tool. For certain types of vulnerability, however, it’s not possible to test using something like OpenSSL out-of-the-box because obviously it is not designed to send malformed packets. As you can tell from the date of this post (and other posts in the same category) it’s been some time since I last looked at this area. The tools mentioned in this post may not be best-in-class. In general, for any tool you are relying on, it’s useful to read the docs so you know what its capabilities and limitations are, and then try it out against known targets i.e. a server you’ve configured. Additionally, as in this post, running two tools to ensure there is agreement is a good way to try to eliminate errors. Any discrepancy can be followed up with manual testing. Hope that’s useful.

]]> Comment on Testing for Cipher Suite Preference by Desain https://www.exploresecurity.com/testing-for-cipher-suite-preference/#comment-91370 Desain Thu, 21 Aug 2025 12:40:55 +0000 http://www.exploresecurity.com/?p=296#comment-91370 How thorough is this manual testing method compared to automated tools like ssl-enum-ciphers in Nmap?

]]> Comment on From CSV to CMD to qwerty by How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network? https://www.exploresecurity.com/from-csv-to-cmd-to-qwerty/#comment-70841 How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network? Wed, 20 Apr 2022 05:38:11 +0000 http://www.exploresecurity.com/?p=415#comment-70841 […] it to using the Praetorian or root9b techniques), then you want to check out this blog post — http://www.exploresecurity.com/from-csv-to-cmd-to-qwerty/ — as the author explains which parts of the NET-NTLMv2 request and response need to be […]

]]> Comment on SQL Injection in Search Fields by Jerome https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-67617 Jerome Tue, 03 Mar 2020 23:02:12 +0000 http://www.exploresecurity.com/?p=234#comment-67617 Sorry, but I wrote this article over 5 years ago so I can’t remember anything more about this particular case. In general, what I’d recommend is first focusing on getting a simple proof-of-concept working using manual injection. This will ensure you understand the nature of the query in which the injection point resides e.g. in the above case I had to cater for nested queries by adding )). Ideally, only once you’re getting reliable results from manual techniques is it worth throwing an automated tool like sqlmap at the problem. In this way, if the tool fails, you know either it’s your configuration of the tool or the tool itself. Without proving the case manually, another reason for the tool failing is that there isn’t a vulnerability there at all!

]]> Comment on SQL Injection in Search Fields by zonduu https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-67607 zonduu Mon, 02 Mar 2020 03:09:17 +0000 http://www.exploresecurity.com/?p=234#comment-67607 I have the same exact behavior in one website i am testing, but when trying it with sqmal using “space2comment” i had no luck. Could you please tell me how was the payload used by sqlmap that worked? I want to try a sleep command or anything that really confirms this issue! Please!!!

]]> Comment on William – WPA/WPA2 4-way handshake extraction script by blake https://www.exploresecurity.com/william-wpawpa2-4-way-handshake-extraction-script/#comment-60252 blake Wed, 31 Jul 2019 17:20:09 +0000 http://www.exploresecurity.com/?p=14#comment-60252 god, thank you so much. I don’t know why, but validating that packets contain EAPOL data has been soooo painful.

]]> Comment on SSL/TLS Checklist for Pentesters by Jerome https://www.exploresecurity.com/ssltls-checklist-for-pentesters/#comment-57873 Jerome Fri, 17 May 2019 15:22:15 +0000 http://www.exploresecurity.com/?p=201#comment-57873 Thanks, Phil. The first was working – you just had to scroll down to find the presentation, but I’ve now updated it with a direct link. The second was broken, and that’s now updated. Things have moved on a bit since then but hopefully there’s some core material you’ll find useful.

]]> Comment on SSL/TLS Checklist for Pentesters by Phil Gillis https://www.exploresecurity.com/ssltls-checklist-for-pentesters/#comment-57595 Phil Gillis Fri, 10 May 2019 17:43:34 +0000 http://www.exploresecurity.com/?p=201#comment-57595 The links to your slides from http://www.exploresecurity.com/ssltls-checklist-for-pentesters/ are not working. Topic sounds interesting. Are they available anywhere?

Thanks!

Phil

]]> Comment on From CSV to CMD to qwerty by Jerome https://www.exploresecurity.com/from-csv-to-cmd-to-qwerty/#comment-41587 Jerome Fri, 25 Jan 2019 10:05:21 +0000 http://www.exploresecurity.com/?p=415#comment-41587 Nice to get a mention :-)

]]>