Today RSM US has released a new research project dubbed Crimson Forge. The project originated from the desire to add evasion capabilities to existing, native payloads. The intention is to target x86 and AMD64 shellcode and automatically rewrite it to evade signature-based detections. The issue with many existing implementations is that they rely on "encoding" the payload and ...
GTP Scanning
A while ago I was working on an assessment where I was exposed to General Packet Radio Service (GPRS) servers. Having not been familiar with this particular technology, I started to read about the details of the protocol and its implementation. One of the best resources I found was the presentation "Practical security research on 3G and 4G mobile telecommunications networks", ...
King Phisher Release 1.10
Today we're proud to announce the next release of King Phisher, version 1.10. This release saw extensive changes under the hood to improve the long-term experience. One of the notable changes that users will directly benefit from is a set of tweaks to the email messages sent by King Phisher, resulting in lower scores when rated with the popular SpamAssassin engine. This means ...
Termineter 1.0
Termineter Version 1: Come With Me If You Want To Pwn... Almost six years after its initial release, RSM has published version 1.0 (and shortly thereafter a couple of bug fixes) of its Open Source Smart Meter Penetration Testing Framework dubbed "Termineter". The framework has been an integral part of the Smart Meter assessment portion of the RSM AMI testing methodology and ...
2017 FOSS Contributions
We here at RSM heavily rely on the Open Source tools that are available from the information security community. Like many penetration testing and research teams, we rely on gems such as the Metasploit Framework, Responder, and Empire. We like to give back to the community and help others like us by contributing to these projects as well as by releasing and ...
Razer rzpnk.sys IOCTL 0x22a050 ZwOpenProcess (CVE-2017-9769)
Today RSM is releasing the second and more serious of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. This vulnerability exists within the handler for IOCTL code ...
Razer rzpnk.sys IOCTL 0x226048 OOB Read (CVE-2017-9770)
Today RSM is releasing the first of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. Today's vulnerability is an out-of-bounds read condition that can be exploited by ...
The Inner Workings Of Railgun
Recently, Railgun functionality was added to Metasploit's Python Meterpreter. This blog describes details of the implementation and how it provides the functionality to make arbitrary calls to native API functions through Metasploit. This is a technical companion piece to the Metasploit Blog post outlining some of the new features of the Python Meterpreter and their ...
King Phisher Release 1.7
Today we're proud to release the latest version of King Phisher, 1.7. Since the last release, we have added two major features and a couple of new plugins. For a complete list of changes, check out the change log. The first new feature is something that has been requested for a little while now, and that's the ability to send messages using separate To, CC, and BCC fields. This ...
Boston Key Party CTF Crypto-200
"I love using sponges for crypto" Who doesn't, right? This past weekend was the Boston Key Party (BKP) CTF, which was a fun and challenging event. The challenge I spent the most time working on was the Crypto 200 point challenge titled "Sponge". The challenge was to find a collision with the known value "I love using sponges for crypto" using a custom hashing algorithm ...