It is no secret that one of the major attack vectors is phishing. While some of the success of this is due to a lack of user education and awareness, the other side of the coin are missing basic controls. There is no shortage of enterprise level phishing controls out there, Mimecast and Proofpoint for example. However, these are not silver bullets when it comes to protecting ... READ MORE
Blog
King Phisher Release 1.12
King Phisher version 1.12 is finally here. One improvement that we are most excited about is King Phisher now utilizes Pipenv to manage it's dependencies. This will greatly improve the stability of the platform moving forward as there won't be any dependency conflicts or bugs from upstream changes. After doing a git fetch and git pull to update King Phisher, you now runsudo ... READ MORE
King Phisher Release 1.10
Today we're proud to announce the next release of King Phisher, version 1.10. This release saw extensive changes under the hood to improve the long term experience. One of the notable changes that users will directly benefit from are multiple tweaks to the email messages sent by King Phisher resulting in lower scores when rated with the popular SpamAssassin engine. This means ... READ MORE
Fire and Forget: Meterpreter Automation
Throughout the past year I have been conducting routine phishing assessments for a client. For their final test of the year, our point of contact wanted something consequential for those who fell for this phish... Something 'kinetic' if you will. They requested a 'Blue Screen of Death' approach, to which I ultimately opted for a less potentially destructive method. I would send ... READ MORE
CSRF on Anonymous Forms
Using CSRF on Anonymous Forms This article will focus on linking CSRF vulnerabilities with phishing attacks to extend the lifetime of your captured credentials. Cross Site Request Forgery (CSRF) vulnerabilities on anonymous forms are often ignored or overlooked, but when combined with a credential-harvesting phishing campaign it extends the life of your captured credentials. ... READ MORE
Termineter 1.0
Termineter Version 1: Come With Me If You Want To Pwn... Almost six years after its initial release, RSM has published version 1.0 (and shortly thereafter a couple of bug fixes) of its Open Source Smart Meter Penetration Testing Framework dubbed "Termineter". The framework has been an integral part of the Smart Meter assessment portion of the RSM AMI testing methodology and ... READ MORE
2017 FOSS Contributions
We here at RSM heavily rely on the Open Source tools that are available from the information security community. Like many penetration testing and research teams we rely on gems such as the Metasploit Framework, Responder, and Empire. We like to support to give back to the community and help others like us by contributing to these projects as well as by releasing and ... READ MORE
Quick Reference: Empire Persistence Modules
During a penetration test you may find yourself in a situation where your foothold in the network is tenuous and you need to establish persistence. Such as when your only foothold is on a workstation, the end of day is quickly approaching, and the user may shutdown their system. In these cases you'll likely have to save something to the hard disk, but what type of persistence ... READ MORE
King Phisher Release 1.9
Today RSM is proud to announce the latest release of our open source Phishing tool King Phisher. This release brings many new features that we hope offer users a much more pleasant experience and facilitate tapping into some of the more customizable potential of King Phisher. The biggest upgrade with King Phisher version 1.9 is that the client's plugin manager got a huge ... READ MORE
Physical Penetration Testing Basics – A Primer
Physical Penetration Testing is an assessment that involves testing physical security controls to see where they might fail. While this can include a number of different activities, including social engineering, many doors and locks are designed to simply slow down an attacker, not completely protect against one. At RSM, we constructed a sample door for demonstration and ... READ MORE