Another scenario that is getting all too familiar: It is another day in the office. The external penetration test is going as planned. You broke in to the internal network and you have transports in place. You just need that last trophy before you can call it a day! You finally find the system where it is stored. You prep for the attack, and check to make sure all is setup ... READ MORE
Blog
King Phisher Release 1.6
We are happy to announce the long awaited release of version 1.6. The development of version 1.6 is massive compared to prior releases. The major changes are to the back-end API calls too and from the King Phisher server. Utilizing AdvancedHTTPServer capabilities for web sockets, the server will now alert the client when there are changes to the database tables. This allows ... READ MORE
Encrypt Macros – Bypass Sandboxes
It’s no secret that phishing is the most widely used and most successful attack vector in breaches and targeted attack campaigns. Between the DNC breach, ransomware campaigns, and other high profile cases, we as an industry, are seeing it more and more often. It should come as no surprise that, as a result, penetration testers are turning to this attack vector more and more ... READ MORE
Capture the Flag 2017 – Example Challenges
Early next year, RSM will host its fourth annual Capture the Flag event. We wanted to give our potential participants some background information and examples of the types of problems they will encounter. Coding: https://warroom.rsmus.com/ctf-example-coding/ Cryptography: https://warroom.rsmus.com/ctf-example-cryptography-2/ Forensics: ... READ MORE
CTF Example – Web Application Security
During RSM's 2016 Capture the Flag (CTF) event, the Web Application Security category took the format of a full-blown web application penetration test. Participants could accomplish the 100 point challenge simply by exploring and mapping out the web application. By the time participants reached the 500 point level, they had performed password guessing, SQL injection, bypassed ... READ MORE
CTF Example – Social Engineering
When a client requests a Social Engineering assessment, they are wanting to test any weaknesses found in the people themselves, not necessarily technology. After all, it's often easier to just ask someone directly for their password instead of trying to find an exploit for an application. In the context of a penetration test, typically this takes the form of impersonating ... READ MORE
CTF Example – Physical Challenges
In the Physical Challenge category, problems are focused on simulating technical skills that a consultant might have to use on an asssessment. Two major skills that come in handy are knowledge about lockpicking and security cameras. Lockpicking Lockpicking is something of both an art and a science. The scientific part is easy to understand as illustrated by this fantastic ... READ MORE
CTF Example – Web Application Security Part II
In our previous post, we talked about using robots.txt to uncover hidden information about a target website. By the end of this post you should be able to: Use dirb to spider a website for directory content Use Burp to attempt a brute forcing attack You will need the following: Kali Linux virtual machine installed and ready to go The following ISO file ... READ MORE
CTF Example – Hacking
CTF Example – Hacking Although hacking can have multiple different meanings, in the context of the RSM CTF the hacking category focuses on the active exploitation of vulnerable services. In this blog, you should expect to come away with the following skills: Use VMWare to set up and configure a safe test lab environment Use Nmap to find out what services are running on ... READ MORE
Making Raw Syscalls on Windows From Python
Often times while writing a proof of concept for an exploit or doing vulnerability research its necessary to make a raw syscall on Windows. Usually syscalls are called by a thin wrapping function in userland, often provided as an exported function from within a DLL. Many of these userland functions modify and manipulate the arguments prior to passing them to the kernel, which ... READ MORE