Physical Penetration Testing is an assessment that involves testing physical security controls to see where they might fail. While this can include a number of different activities, including social engineering, many doors and locks are designed to simply slow down an attacker, not completely protect against one. At RSM, we constructed a sample door for demonstration and ... READ MORE
Blog
Pentesting Restrictive Environments – Part 2
Putting it all together Note: This blog is part 1/2 of Pentesting Restrictive Environments. I highly recommend reading part 1 if you have not! All of the equipment (and context) mentioned below is outlined in the first blog. After getting all of my Amazon packages, I flashed Kali Linux onto the MicroSD card and plugged it into the ODROID-C2. After getting the OS ... READ MORE
Pentesting Restrictive Environments – Part 1
The Scenario On a recent engagement, the client was focused on testing the controls that were in place within the environment. The client wanted a penetration test conducted as a malicious employee using a heavily restricted, domain joined Windows host. The other caveat is that the client would be actively looking for me and works under a 3 strike system. I want to be clear ... READ MORE
Updating Anti-CSRF Tokens in Burp Suite
Updating Anti-CSRF Tokens in Burp Suite Burp Suite developed by Portswigger, is the leading software for web application penetration testing. This application is a wonderful tool for fuzzing and automatically scanning HTTP requests to identify application-level vulnerabilities. Performing a web application penetration test against a target application that has developed a ... READ MORE
Insecure Direct Object References
Insecure Direct Object References Insecure Direct Object References was a category first seen in the OWASP Top Ten 2007 list. It retained its position on the following two succeeding Top Ten lists released in 2010 and 2013. Insecure Direct Object References tend to be prevalent, are easily detected, can be easily exploited, and can have a moderate, if not severe, impact on ... READ MORE
Breakdown of HTTP Messages
HTTP is a stateless protocol used in the World Wide Web (WWW) to facilitate a client-server data transaction. HTTP/1.1 is currently the most widely accepted version of the protocol but the industry will begin to shift over to version 2.0 soon. Web sites and web applications are what the World Wide Web is made up of but there is a key difference between the two, which is that a ... READ MORE
Prevent GPO from applying to your attack VM
You’re on an engagement and just obtained your first set of credentials. Score! You attempt to join your Windows VM to the domain and you are greeted with a warm message: “Welcome to the __ domain”. You’re excited to have your initial foothold in the network but you quickly realize these credentials don’t provide much access. We need to go deeper! You start looking for ways ... READ MORE
Interior Routing Protocols: The Basics
Being part of the blue team it is helpful to have familiarity with routing protocols as they help you move traffic throughout the network and if you don’t well, then you have come to a good place to start. Routing protocols can be classified into two different categories: exterior and interior. Exterior routing protocols focus on routing from a network to the internet while ... READ MORE
Razer rzpnk.sys IOCTL 0x22a050 ZwOpenProcess (CVE-2017-9769)
Today RSM is releasing the second and more serious of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. This vulnerability exists within the handler for IOCTL code ... READ MORE
Razer rzpnk.sys IOCTL 0x226048 OOB Read (CVE-2017-9770)
Today RSM is releasing the first of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. Today's vulnerability is an out of bounds read condition that can be exploited by ... READ MORE