So this is not a security-related post, but what the heck. Every quarter or so here at RSM, we hold an Innovation Day. We get to dedicate a full day's worth of time to personal projects that will benefit the company in some way. We've had some really cool projects come out of the Innovation Days of the past which have included the WMD (a Pi-based device for tracking down ... READ MORE
Accessing Internal Web Apps via Meterpreter on a Jumpbox
Post breach on a recent external penetration test, I wanted to do some poking around the target's intranet which required that I set up a SOCKS proxy. Given that I was using a jumpbox, I knew it was going to be necessary to set up a tunnel to get everything working properly. If you're anything like me, tunneling makes your brain hurt. Fortunately, with a little help from jagar, ... READ MORE
Building a Vulnerable Box – HFS Revisted
A few months ago, in the Building a Vulnerable Box series, I wrote a walkthrough for putting together and compromising a Rejetto HFS server. The post had originally been intended for my security students at the time, but, to my surprise, it's become one of the War Room's most consistently visited write-ups. Just last week, a similar exploit was posted to the Exploit-DB by Naser ... READ MORE
Empire: An Elegant Weapon for a More Civilized Age
Empire, developed by @harmj0y, @sixdub, and @enigma0x3, debuted earlier this month at BSides Las Vegas. In the words of the developers, "Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all ... READ MORE
Sophos UTM Home Edition 5 – SSL VPN
The topic of today's post is setting up an SSL VPN through the Sophos UTM Home Edition. The ease-of-use VPN solution was one of my primary reasons for pursuing this particular UTM in the first place, and so I think it's a topic definitely worth exploring. There are a variety of VPN options within the UTM. I'll only be covering the SSL option here. If you are looking to set up a ... READ MORE
Sophos UTM Home Edition 4 – Definitions and Rules
UPDATE: Part 5 - SSL VPN is now available. In the first and second posts in this series, we stepped through the installation of the Sophos UTM. Two weeks ago, we finished up the setup process. Now, we're going to start exploring the meat and potatoes of Sophos' free UTM solution. This week, I'm going to cover establishing definitions and ... READ MORE
Sophos UTM Home Edition – 3 – The Setup
UPDATE: Part 4 – Definitions and Rules and Part 5 - SSL VPN are now available. It's been quite a while since I wrote the initial two Sophos UTM posts. I recently upgraded from a really old, re-purposed HP box to a slightly-less-old Dell Precision 670 courtesy of steiner, and I took the opportunity to document the setup process. This post assumes you have followed the ... READ MORE
Crouton – Chromebooks as a Pentesting Platform
I had the opportunity to pick up a Chromebook (Acer C720) on the cheap(er) this past weekend. A local high school was getting rid of those machines that had previously belonged to graduating seniors who had chosen not to buy them outright at the end of the year. I had never had much of a chance to play around in ChromeOS until now, so I was excited to get my hands dirty. I have ... READ MORE
Building a Vulnerable Box – VNC Auth Bypass
This is going to be my last post in this series for the time being. Four vulnerable machines is a good start-up lab. The version of VNC we are going to use for this build is very out-of-date, but you'd be surprised (or maybe you wouldn't) on the frequency with which we encounter it on engagements. I haven't had a hit yet this year, but there were enough last year to warrant ... READ MORE
Building a Vulnerable Box – Domino
IBM Domino (formerly Lotus Domino) is a particular interesting (and lengthy) setup. The build is not terribly complicated, but the software has been vulnerable for a long time, so it's definitely worth exploring. We might as well have titled the blog "Building a Domino Box" with the vulnerability simply assumed. This box was also featured on the final for my university ... READ MORE