This is the second post of a two-part series, so if you haven't read part one yet, stop reading, and go do that first. Those that have followed through the first post will have installed the Let's Encrypt client and obtained their first certificate. Now let's take a look at how to leverage this certificate for some offensive purposes. This post will walk through using the ... READ MORE
Let’s Hack! Part 1: Using Certificates From “Let’s Encrypt”
In case you haven't heard, in early December 2015, Let's Encrypt entered Public Beta, meaning that anyone can get a certificate issued by the Let's Encrypt Certificate Authority without the need for an invite. If you aren't familiar with the Let's Encrypt project, you should check out their site. I can't really sum it up any better than they did already, so to quote them, ... READ MORE
Encryption Basics: HMAC
We have covered a method for key exchange, and we have covered a way to implement public key encryption and message signing. Our topic today is hash-based message authentication codes or HMAC (a subset of message authentication codes). An HMAC provides us with most of the features of message signing, but it is quicker. There are times when you will use one over the other, and ... READ MORE
Github Primer: Collaborating with Git
This post serves as a simple walk-through of how to contribute to a repository or collaborate on a project with others using github.com. The content is broken down into three sections: (1) How to create your own fork of the repository that you wish to contribute to. (2) How to sync your branch with a branch from your upstream repository (the upstream repository is the ... READ MORE
Encryption Basics: RSA
Number two in our encryption basics series. This time we are going to get into a well-known form of public key encryption, RSA. I plan on giving the same boilerplate warning for each of these; if you promise not to use this for encrypting anything truly important, you are allowed to skip the next couple of lines. The programs contained herein (obligatory lawyer speak) are for ... READ MORE
Encryption Basics: DHKE
As a side project I have been doing some self-study on encryption to better understand it. It is how we protect our data as it travels across the internet or when at rest; we use concepts from it to verify that we sent messages, and whole currency schemes are built around the idea. Encryption is an incredibly dense topic and it is easy to mess up. As such, all of the code I ... READ MORE
Organizing the Bad News – Auditing Passwords with Python
From time to time we find ourselves conducting a password audit for a client. While not terribly exciting from an attacker's point of view, it is a necessary check to perform and can provide valuable output if the client is capable of acting on it. Many organizations also perform similar assessments internally. Typically the process looks something like this: 1. Obtain ... READ MORE
Ghosts in the Machines
Methods for the prevention, detection, and removal of ghosts in digital networks
We often find that clients are so focused on preventing attacks from malicious living humans that they completely neglect the threat posed by ghosts. With that in mind, today’s post focuses on defensive measures that can be implemented to (1) prevent ghost infestations; (2) detect paranormal ... READ MORE
Launch rdesktop from Metasploit
I often resort to remote desktop sessions when pillaging or attempting lateral escalation. Remote desktop provides an easy way to look for important data, get an idea of what applications are in use, run scripts or programs, and transfer data between my host and the target system. Since the Windows “Remote Desktop Connection” program keeps track of IP addresses and makes it ... READ MORE
Metasploit Module of the Month – enum_ad_computers
Summer has officially ended and Autumn is setting in. As the leaves begin to fall and September draws to a close, it’s a perfect time to sit back and reflect on the Metasploit modules that filled our Summer months with joy. In the third installment of our “Module of the Month” series we examine enum_ad_computers, a post-exploitation module that combines the flexibility of LDAP ... READ MORE









