Last time, I provided a method for encrypting macro payloads (https://warroom.rsmus.com/encrypt-macros-bypass-sandboxes/) to prevent them from executing correctly in the event they were analyzed in a sandbox. On a somewhat-related note, in this post, I will discuss another method which can help ensure your payload makes it successfully to your target: obfuscation. First, ...
Encrypt Macros – Bypass Sandboxes
It’s no secret that phishing is the most widely used and most successful attack vector in breaches and targeted attack campaigns. Between the DNC breach, ransomware campaigns, and other high-profile cases, we, as an industry, are seeing it more and more often. It should come as no surprise that, as a result, penetration testers are turning to this attack vector more and more ...
Let’s Hack! Part 2: Using Certificates From “Let’s Encrypt”
This is the second post of a two-part series, so if you haven't read part one yet, stop reading and go do that first. Those who have followed through the first post will have installed the Let's Encrypt client and obtained their first certificate. Now let's take a look at how to leverage this certificate for some offensive purposes. This post will walk through using the ...
Let’s Hack! Part 1: Using Certificates From “Let’s Encrypt”
In case you haven't heard, in early December 2015, Let's Encrypt entered Public Beta, meaning that anyone can get a certificate issued by the Let's Encrypt Certificate Authority without the need for an invite. If you aren't familiar with the Let's Encrypt project, you should check out their site. I can't really sum it up any better than they did already, so to quote them, ...
Organizing the Bad News – Auditing Passwords with Python
From time to time we find ourselves conducting a password audit for a client. While not terribly exciting from an attacker's point of view, it is a necessary check to perform and can provide valuable output if the client is capable of acting on it. Many organizations also perform similar assessments internally. Typically the process looks something like this: 1. Obtain ...
Metasploit Module of the Month – web_delivery
In the second edition of this series we are going to take a look at an exploit module that doesn't get a lot of attention. I'll use "exploit" in the same context that Metasploit does, which means that upon successful completion of this module you get a shell. It doesn't mean that this module is some super 1337 browser exploit/sandbox escape 0day, which, I think, is partly ...
Metasploit Module of the Month – ntlm_info_enumeration
This post will be the first in an ongoing series devoted to covering various modules in the Metasploit Framework and their uses. We hope that our readers will find this useful, as there are more modules added to the framework each day, as well as some obscure modules which are incredibly valuable. This entry in the series will examine one of the latter, ...
Shells by Mail: Backdooring USB Devices for Fun and Pwnage
Pretty much everyone is familiar with the most common ways that organizations are breached: weak passwords, misconfigured systems, social engineering, etc. But on a recent engagement we decided to do something a little bit unconventional. In terms of attack vectors, our client had placed only one restriction on us: we could not physically go inside their facilities. So ...
Generating Time-based One-time Passwords With PowerShell
In this post I will be explaining how to leverage PowerShell to create a time-based one-time password (TOTP). If you are not familiar with the concept of one-time passwords, the key point is that they are passwords that can be used only (drum roll) one time. If you require more information please see this Wikipedia article. If you have ever used RSA's SecurID or Google's ...
The Importance of Understanding Your Tools
There are many qualities and skills necessary to be an effective penetration tester. Experience with a programming language or two is right at the top of that list. I don’t mean that you need to have a development background. Successful attackers should, however, be able to look at the tools and exploits they use and understand how they actually work. This exact issue came up on a ...