
War Room

Shells From Above


RSM Author

DLL Injection Part 0: Understanding DLL Usage

March 4, 2015 By RSM Author

As a result of my foray into static malware analysis, I decided I needed a better understanding of DLL injection. DLL injection allows us to run code in another process. This is useful because it allows us to hide malicious processes in other, benign processes. It also means not having to save anything to the disk, making detection and forensics that much more difficult. This ... READ MORE

Real World Malware Analysis: The Original Phishster

February 16, 2015 By RSM Author

When my friend first told me that he was phished with a Word document, two infection methods came to mind: either it was a macro enabled in the document, or it was the recent MS14-064 vulnerability for Office. So let’s take a look! Here is what the offending document looks like when opened: Macros are the winner! What do they do? In Word go to View > Macros > View ... READ MORE

Password Filtering: Taking Bad Decisions Away from Users

February 10, 2015 By RSM Author

(Originally published by @fluffy_bs)   I recently had this conversation with a client following a pen test: Client: "What is our biggest security hole?" Me: "Your password policy is incredibly weak. We were able to brute-force passwords such as Winter14, Password1, and Company1. Client: "We just had a meeting where we reiterated our security policy. I told ... READ MORE

Generating Time-based One-time Passwords With PowerShell

February 5, 2015 By RSM Author

In this post I will be explaining how to leverage PowerShell to create a time-based one-time password (TOTP). If you are not familiar with the concept of one-time passwords, the key point is that they are passwords that can be used only (drum roll) one time. If you require more information please see this Wikipedia article. If you have ever used RSA's SecurID or Google's ... READ MORE

Vulnerabilities 2014: Moving Forward

January 27, 2015 By RSM Author

2014 saw the release of a number of critical vulnerabilities that caused media storms and left script kiddies on the edge of their seats in anticipation of public exploits. These high impact vulnerabilities included, but were not limited to:

  • Heartbleed CVE-2014-0160
  • Various ShellShocks CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, ... READ MORE

Real World Malware Analysis Part 1

January 26, 2015 By RSM Author

Full Disclosure: Malware analysis isn't my area of expertise, but I have been looking for chances to learn more. Let's learn together! I was recently describing to a friend how phishing attacks work, one of the most common ways being word documents with a macro to run or download malicious code. Sure enough, several weeks later the same friend received a phishing ... READ MORE

Taking One For The Team: The “Double Tailgate” Approach for Physical Pentests

January 23, 2015 By RSM Author

When it comes to physical pentests, there are a variety of different approaches and techniques used depending on the environment and situation. While most people are familiar with the concept of tailgating in order to gain access to restricted areas, the double tailgate can be useful when the point of entry has tailgating detection mechanisms in place. The scenario where ... READ MORE

CYA: Cover Your Alfa (Part II)

January 12, 2015 By RSM Author

Part II: Testing

In the first part of this post I covered the basic steps I took to conceal an Alfa AWUS036H in an HDD enclosure. In this part I’ll cover the basic testing I did to see how that impacted its performance, as well as the results of those tests. The diversity of wireless cards, drivers, and programs can make it difficult to get honest comparisons between ... READ MORE

CYA: Cover Your Alfa (Part I)

January 12, 2015 By RSM Author

Those interested in performing this or a similar modification will need at least the following supplies and equipment:

  • A soldering iron with solder and the appropriate cleaning supplies (sponge, tip cleaner)
  • A desoldering pump ("solder sucker")
  • Wire strippers
  • Heat shrink tubing
  • Epoxy
  • Cable with a standard USB type A female interface
  • Cable with a mini-USB type B ... READ MORE

VoIP Penetration Testing: Introduction

January 8, 2015 By RSM Author

I've had a number of recent opportunities to conduct VoIP-focused penetration tests. Prior to my first, I noticed that the number of tutorials, blogs and training write ups are pretty scarce. So, I figured it might be helpful to have all of it in one place. In this short blog series, I'll cover the goals, methodology, and tools needed to conduct a successful VoIP penetration ... READ MORE
