The scenario is all too familiar: It's been a long week of digital warfare, and you are about to call it quits. And then all of a sudden, you have a shell call back to your handler! You're in for the moment, but it's only a matter of time before that pesky blue team finds and blocks you. You now must waste precious time desperately trying to set up persistence in order to ... READ MORE
Blog
I’ve Got 1.2 Million Keys But A Private Ain’t One
GitHub has grown in popularity over the past few years as one of the de facto standard locations to share and collaborate on open source projects. Accounts on GitHub are encouraged to use key-based authentication, and to that end, users upload a public key to allow them to authenticate to their accounts while making changes to code. This summer I crawled, collected, and ... READ MORE
An Analysis of MS16-098 / ZDI-16-453
This past patch Tuesday, Microsoft released MS16-098, a patch for multiple vulnerabilities in "Kernel-Mode Drivers". Within this patch, the vulnerability identified as CVE-2016-3308 and ZDI-16-453 was addressed. This post is an analysis of this vulnerability and how it could potentially be leveraged by an attacker in the form of a Local Privilege Escalation (LPE) ... READ MORE
King Phisher Release 1.4
We are happy to announce the release of King Phisher version 1.4. King Phisher has supported Python 3 for several versions now, and Python 3 is now standard for new installations of King Phisher starting with this release. Anyone who uses the tool/install.sh script to install King Phisher will have it installed and configured with Python 3. Users that use this method will ... READ MORE
Download Now: Malicious Android Apps
In the modern world, almost every one of us has a mobile device in our pockets. Whether through Android, iOS, or even Windows, we have something that directly connects our lives to the internet. From texting to banking, smart phones can do it all. For better or worse, this means they are ripe for the picking in terms of an attack vector. Also according to the global market ... READ MORE
Bypassing Gmail’s Malicious Macro Signatures
Malicious macros in Excel spreadsheets are one of the most common methods of delivery in phishing attacks. If the premise is enticing enough, an unsuspecting user may download the document and enable macros which could result in arbitrary code being run on their system. In order to simulate a phishing campaign from an attacker, we at RSM will typically utilize the macro ... READ MORE
Leveraging MS16-032 with PowerShell Empire
It's not very often in the life of a pentester that you find a point-and-click exploit that works right out of the box. Most public scripts are simple proofs of concept that don't work in every scenario and must be modified to perform the desired action. In fact, the OSCP course from Offensive Security has a big section dedicated to altering existing code to make it work for a ... READ MORE
Identity Legitimacy: Making Your Own ID Badge
A big part of performing any sort of physical penetration assessment involves a little bit of social engineering. More often than not, we choose to spoof a legitimate employee or vendor to attempt to enter the facility. Now, simply saying that you are Joe Schmo from Corporate isn't likely to get you very far. A successful tester will have to look the part, dress the part, and, ... READ MORE
War Room Talks @ B-Sides Cleveland 2016
Video credit: Adrian Crenshaw, @irongeek_adc Process Ventriloquism with ZeroSteiner A Rookie PoV The Hollywood Fallacy with H3llcat ... READ MORE
Let’s Build an Arcade Cabinet: Episode IV
Well, we're now all covered in sawdust and paint, but the shell is up and ready for hardware! The steps we've taken since Episode III are very straightforward, though we also ended up changing the front of the MCP Base just slightly. Other updates included the following (each of which will be covered in more detail below): Attach the cup holder panel; Add casters for ... READ MORE










