What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized, professional attack against your organization; afterwards, a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Tuesday, August 20, 2013

HARMONY

A while back I encountered a security app/device called Harmony, which was installed on a Windows machine, a 2008 MS Server. The reason I was able to find it was that I was already on the infrastructure WiFi, via a simple WPA passphrase, and this software/hardware product from Israel wasn't as secure as it should have been, even though it was meant to secure a bank's doors.

I won't mention which one.

Anyway, I completely understand the ignorance SysAdmins have, maybe because of the pressure from the bosses, but security should be considered first and hard, especially when physical and operational security are interconnected.

Yes, most auditors and security testers will ignore this aspect, but not all do, and that means the bad guys will never ignore such a gateway. FIX IT!!!

Harmony is used to control physical security for doors and has both proximity and biometric capability. The server that holds this together should at least be moved away from all the other VLANs and should have a name that gives no one a clue what it is after a scan.

So this box kind of had its own LAN, connected to the controllers at each door, and these boxes connected to a port on the server that allowed data to be stored and displayed for the SysAdmins. Because of how Symantec treats traffic, the first option was to kill all its PIDs. I didn't expect that all the doors would jam, but that is what happened: immediately, all the floors at the bank were opened, late at night, without even an alarm.

The next steps were then simple: since all the other sensors were controlled by the server, moving between floors was easy, especially in the morning when everyone is busy, for further post-exploitation.

VITAL LESSON: early defense is the best defense.

Monday, August 12, 2013

MOST OF THE KENYAN BANKING PASSWORD SECURITY

Lately I have been involved with banking security a lot, and I have noticed that admins are really trying hard on password security. Personally, I never brute-force; I always let the guys who are starting out run the xHydras. If I do, it is normally a manual check, not running a tool on the network with a string of passwords.

I find running some of these automations so chaotic.

One thing I have come to realize is that it's better to just bypass the AV and dump the passwords from memory, and since all the Kenyan banks carry the same security loopholes from one institution to another, which they never fix, it has become the same game for me each day. So I will list some of the passwords you might find if you are doing pentests for Kenyan banks in Nairobi.

Domain administration passwords

P@ssw0rd
$ecurity2013
$ecurity2012
p@ss2013, e.g. DTBp@ss2013 ("This is just an example; it doesn't mean it's the one")
p@ss2012
N3ptuneApps
datast0re!

kkitabu

Application passwords

admin: netptune
admin: Oracle10
admin: netfilter
admin: nitajaribu

The above were experienced in five banks.

I will continue adding more as time goes on.