Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts! We talk about BulletsPassView - a tool that originially allowed us to simply unmask the "hidden" API key in the FortiAuthenticator client (this did NOT work in the latest version of FAC). Once you get the API key, check out Fortinet's documentation to do fun things like dump the whole config to a file on disk! After you steal the config and restore it to a fresh FortiAuthenticator, use maintenance mode to reset the admin password. Once you can adjust the restored config to your liking, try using MITMsmtp to capture email server creds in the clear! TCMLobbyBBQ - this tool has nothing to do with security, but helps PC players of the Texas Chain Saw Massacre get into lobbies more efficiently.
No persons identified in this episode.
This episode hasn't been transcribed yet
Help us prioritize this episode for transcription by upvoting it.
Popular episodes get transcribed faster
Other recent transcribed episodes
Transcribed and ready to explore now
Before the Crisis: How You and Your Relatives Can Prepare for Financial Caregiving
06 Dec 2025
Motley Fool Money
Anthropic Finds AI Answers with Interviewer
05 Dec 2025
The Daily AI Show
#2423 - John Cena
05 Dec 2025
The Joe Rogan Experience
Warehouse to wellness: Bob Mauch on modern pharmaceutical distribution
05 Dec 2025
McKinsey on Healthcare
The method of invention, AI's new clock speed and why capital markets are confused
05 Dec 2025
Azeem Azhar's Exponential View
Meta Stock Surges on Plans for Metaverse Cuts
05 Dec 2025
Bloomberg Tech