The last post on Shells with Spencer presented code to spawn a shell with a full PTY with a Bluetooth RFCOMM socket for extended post exploitation access. This post will present an additional technique, this time for spawning a Metasploit Meterpreter session between two hosts using a Bluetooth RFCOMM socket. Specifically, in this Proof-of-Concept, a Meterpreter session will be ... READ MORE
Spawning Shells Over Bluetooth
Lately, unique remote access techniques have become more commonly discussed. Most are payloads that beacon over some protocol using space within it that might be re-used for nefarious purposes (think HTTP). Some others are ones that use more obscure protocols that may not rely on TCP/IP at all. These have the added advantage of being able to communication more quickly than some ... READ MORE
I Like Syscalls (And I Cannot Lie)
So with the release of Windows 10 I (like many before me) decided to look into what new syscalls have been added. Syscalls are the means by which code running in the context of a user can request the functionality provided by the kernel be executed. This includes many basic operations such as opening and reading from files. Collecting this information will allow us to identify ... READ MORE
Injecting Python Code Into Native Processes
There is quite a bit of material publicly available on DLL injection, the different techniques and how it works. Often times it's helpful for a researcher to be able to execute code within the context of a specific process, and DLL injection is an ideal way to accomplish this. By injecting a DLL into another process, that process can be "infected" allowing the injected DLL to ... READ MORE
King Phisher 0.2.1 Released
Yesterday, RSM released the latest version of their King Phisher phishing campaign toolkit. This version adds some exciting new features with a focus on usability. The message editor received some nice improvements, including syntax highlighting. The editor window now uses the GtkSourceView project to provide a more user friendly environment for writing and modifying ... READ MORE
King Phisher 0.2.0 Released
Today, RSM is releasing the latest version of the King Phisher phishing campaign toolkit. This version adds some excellent features for visualizing the results of a campaign to help with the analysis. Some of the features in this version were referenced in the Advanced Phishing Techniques webinar hosted by the RSM King Phisher team in March. Some of the newest features in ... READ MORE
King Phisher 0.1.7 Released
We are very pleased to announce today that the latest release of RSM's open source phishing toolkit, King Phisher, is now available. This latest release has lots of new features, client GUI improvements and stability fixes. Some of the highlights of version 0.1.7 include: Integration for checking SPF records Automatic CSRF page generation Full support for serving ... READ MORE
Walking The Stack Back To Userland
The nature of writing kernel exploits is tricky. The necessity for reliable exploitation is paramount given that a failure will likely result in system instability usually manifested in the form of a kernel panic / BSOD. Depending on the nature of the vulnerability, maintaining stability after the attacker's shellcode has run can be a real challenge. Often times structures are ... READ MORE
Analyzing Safe Exception Handlers
SafeSEH (Safe Structured Exception Handlers) is a Windows binary protection mechanism for 32-bit executables that has been around for a while now. When the option is enabled, the linker creates a list of valid exception handler addresses in the SEHandlerTable when the binary is being built. This protection prevents the execution of corrupted exception handlers which is a common ... READ MORE
Chromoting For Access
Chromoting Background Google Chrome offers a service dubbed "Chromoting" which allows users to opt into allowing remote access to their systems for either personal reasons or technical support. To use this service a user must download Chrome, be logged into their Google account, and enable Chromoting via the Chrome Remote Desktop application. The remote desktop application, ... READ MORE