Today RSM is releasing the second and more serious of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. This vulnerability exists within the handler for IOCTL code ... READ MORE
Blog
Razer rzpnk.sys IOCTL 0x226048 OOB Read (CVE-2017-9770)
Today RSM is releasing the first of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. Today's vulnerability is an out-of-bounds read condition that can be exploited by ... READ MORE
All In One OSINT
If we've said it once, we've said it a thousand times: OSINT is an attacker's best friend. There are a plethora of tools out there that we use every day as pentesters to accomplish our tasks. For those of you who are starting out in the field, or are hobbyists, you probably have a virtual machine with Kali Linux installed. Kali is a great pentesting tool; the best part about it is it ... READ MORE
King Phisher Release 1.8
The King Phisher version 1.8 has arrived with the following changes: Warn Python 2.7 users that this is the last release Python 2.7 will be supported; The Windows MSI build is now in Python 3.4; King Phisher server now supports Red Hat Server 7; King Phisher client support for OS X by using Docker; Support for issuing certificates with acme while the server is ... READ MORE
Weaponizing hostapd-wpe
TL;DR: Installing hostapd-wpe on a wireless router powered by an external power bank provides a standalone wireless attack platform with good transmit power, concealability, and mobility. Despite being almost 5 years old (but recently updated to support hostapd 2.6), hostapd-wpe is still a go-to tool for assessing the security of wireless clients attached to WPA2 Enterprise ... READ MORE
Dirty Deeds…. On Video
Recently the team and I were engaged in a physical penetration test where our goal was to gain access to multiple facilities and data deemed sensitive by the client. During our internal discussions for the engagement it was brought up that recording portions of the assessment could provide some additional benefit for the client. As they say, a picture is worth a thousand ... READ MORE
The Inner Workings Of Railgun
Recently, Railgun functionality was added to Metasploit’s Python Meterpreter. This blog describes details of the implementation and how it provides the functionality to make arbitrary calls to native API functions through Metasploit. This is a technical companion piece to the Metasploit Blog post outlining some of the new features to the Python Meterpreter and their ... READ MORE
Footprinting the Target with Recon-ng
Thank you for dropping in for part 2 of our tutorial series on LaNMaSteR53's Recon-ng information gathering framework. Last time, we focused on the fundamentals of navigation within the tool, selecting, configuring and executing modules, and understanding the output. If you came across this page first, please drop back to Part 1 of the series to get a solid background on the ... READ MORE
Obfuscating Launchers to Limit Detection
Last time, I provided a method for encrypting macro payloads (https://warroom.rsmus.com/encrypt-macros-bypass-sandboxes/) to prevent them from executing correctly in the event they were analyzed in a sandbox. On a somewhat-related note, in this post, I will discuss another method which can help ensure your payload makes it successfully to your target: obfuscation. First, ... READ MORE
Segmenting, Subnetting and You
I completed a week of Cisco Certified Network Associate (CCNA) training and passed the exam. I learned an interesting bit about how to quickly subnet. I would like to focus on how to subnet quickly without a calculator. For blue teamers, this skill is useful for implementing and evaluating segmentation. For red teamers, it can be useful for determining the number of potential ... READ MORE










