Channel: Carnal0wnage & Attack Research Blog
Browsing all 163 articles


Your Soldiers are Untrained

People often try to draw analogies between computer security and the military or warfare. Let's put aside for a moment the fact that I don't know anything about the military and continue on with this...




Basics of Rails Part 5

If you'd like to skip coding this up or are having issues, you can find the application source code here. To start at the code which represents the completion of Parts 1-5, do the following: $ git clone...



MSSQL Brute forcing with Resource Scripts

Problem: How can we brute force MSSQL servers that listen on several different ports without having to manually change the RPORT? *MSF Pro/Express handle this for you using the database. Possible...


Training Opportunities

We are hosting two trainings at the Attack Research Headquarters over the next few months. The first training is our Operational Post Exploitation class, which will be January 29th-January 30th. We have...


Attack Research Training Schedule

We have finalized our training schedule for Attack Research for the year. Below is the schedule for our trainings for the rest of the year. We can't promise that more opportunities will pop up but...




APT PDFs and metadata extraction

One of the modules in our new Rapid Reverse Engineering class is artifact extraction. For this section of the class the students use a Python module we created for doing some artifact/metadata...


Next Level Testing

We've been having a good time doing intensive, month-long or longer APT simulation tests for people, acting like malicious insiders, using hardware implants, 0days, human-enabled malware, etc. Lately,...


Quick way to view ruby gems

This post is a very short and very simple tip for easily opening a Ruby gem up for closer inspection. When reviewing a Rails or Sinatra application (code review), it sometimes becomes necessary to view...




Bundler-Audit -> Auditing your RubyGems

Ruby applications that use a Gemfile/Gemfile.lock (the files that list the Ruby gems an application should use, along with their respective version numbers) can now be audited to determine...



Rails - Guard, Brakeman, and Bundler-Audit

Thanks to the efforts of Justin Collins (@presidentbeef - Brakeman) and Hal Brodigan (@postmodern_mod3 - Bundler-Audit), Rails (and Sinatra) developers can use these two tools in tandem with Guard to...



Funky Juniper URLs

If you've ever tested any clients that have Juniper VPNs you've probably seen the ol' http://[target]/dana-na/auth/url_default/welcome.cgi URL. @infosecmafia and I mentioned in our DerbyCon talk how...



Rails Strong Parameters

It is well known in the Rails world how big an issue mass assignment is. It is the vulnerability that led to the hack of GitHub last year. Normal interactions with an ActiveRecord model can...



Metasploit Standalone psexec

mubix has a great post here on using the standalone psexec in the tools folder for Metasploit. A couple of notes since I had to use it this week. 1. It's now librex instead of rex, which should save you a...




admin to SYSTEM win7 with remote.exe

So I ran across this little gem from 2008! http://blogs.technet.com/b/askds/archive/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008.aspx I ended up using Method 2 on a...


Mimikatz Minidump and mimikatz via bat file

I tweeted about this blog post a few weeks ago and got to use it on a PT, so it's no secret... also mubix beat me to this post, but I'm posting it here for my note-keeping purposes. First, check out this...



Want to break some Android apps?

First off, hi. I'm @jhaddix, the newest guy on this blog... Android app testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics: there's a ton...



Finding Executable Hijacking Opportunities

Background: DLL hijacking is nothing new and there are a number of ways to find the issue, but the best way I have found is a somewhat more forceful method using a network share. First we need a network share...



Changing proxychains' "hardcoded" DNS server

If you've ever used proxychains to push things through Meterpreter, one of the most annoying things is its "hardcoded" DNS setting of 4.2.2.2; if the org that you are going after doesn't allow this...



Stealing passwords every time they change

Password Filters [0] are a way for organizations and governments to enforce stricter password requirements on Windows accounts than those available by default in Active Directory Group Policy. It is...



Dumping a domain's worth of passwords with mimikatz

clymb3r recently posted a script called "Invoke-Mimikatz.ps1". Basically what this does is reflectively inject mimikatz into memory, call for all the logonPasswords, and exit. It even checks the...
