solstice.sh Pentesting, Offensive Security Research & Development

Rogue AP Attacks Part 1 - Evil Twin


An Evil Twin is a wireless attack that works by impersonating a legitimate wireless access point. So long as the malicious access point has a stronger signal strength than its legitimate counterpart, all devices connected to the target AP will drop and connect to the attacker. The attacker can then act as a router between the connected devices and a network gateway, establishing a man-in-the-middle scenario. With the exception of karma attacks and the use of SDR, this is one of the most effec...

Webapp Enumeration with Waldo


At Red Team Labs, we find ourselves using DirBuster a lot. It’s a pretty essential tool for quickly enumerating subdomains and web directories. The project is no longer actively maintained however, and since it’s written in Java it doesn’t exactly work well with our existing toolset. To deal with this, we wrote our own multithreaded subdomain and directory bruteforcer in Python. We named it Waldo.

CSAW Quals 2015 - Lawn Care Simulator Writeup


When we navigate to the challenge at http://54.165.252.74:8089 in our browser, we’re greeted with this fantastic looking page:

OSX Tiling Workflow


I love tiling window managers. My absolute favorite is Awesome, which is available for both Linux and BSD. When I started spending more time in the OSX environment about a month ago, it quickly became apparent that keyboard centered workflows were a scarcity. Even worse, true tiling solutions for OSX were virtually nonexistent.