• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Blog

SAP RECON CVE-2020-6287

July 23, 2020 By Austin Marck

On July 13, 2020, SAP software released a patch impacting the SAP NetWeaver Application Server Java versions 7.5 and earlier. The vulnerability dubbed RECON (Remotely Exploitable Code on NetWeaver) Specifically targets SAP NetWeaver Java while Advanced Business Application Programming (ABAP) stack systems remain unaffected. This vulnerability is operating system (OS) and ... READ MORE

Building a Lab Network in Proxmox and Sophos UTM9

July 13, 2020 By Ken Smith

One of the best ways to acquire and maintain an offensive security skill set is to build a home lab and populate it with intentionally vulnerable machines. The most straightforward option is to simply spin up VMs in VirtualBox or VMWare Player and manage everything locally. To take things to the next level, however, you really need a hypervisor like ESXi or Proxmox. Nowadays, ... READ MORE

Office 365—Magic Logs Uncovered

June 15, 2020 By Isaac Barker (RSM) & Kevin Yoegel (Lewis Brisbois Bisgaard & Smith LLP)

O365 - Mail Items Accessed

The Dark Ages According to the FBI’s 2019 IC3 report, the IC3 unit received 23,775 business email compromise (BEC) complaints with losses of over $1.7 billion (FBI IC3 Report[1]). We have found that, first and foremost, threat actors are trying to leverage compromised email accounts to perpetrate financial fraud. Though perhaps unintentional, a fraudster will likely access ... READ MORE

Using EDR as an Incident Response Tool

June 9, 2020 By Zack Doyle

What is EDR? Endpoint detection and response (EDR) has been a buzzword in the world of cybersecurity for the last couple years, but what does that really mean? EDR tools are designed to continuously monitor systems for anomalous or malicious activity. A monitoring agent runs in the background, ideally on every endpoint in the environment, and the end user experiences little ... READ MORE

Enumerating Emails via Office.com

May 18, 2020 By Cameron Geehr

On a recent penetration test, I discovered that manually attempting to log into Office.com would give an indication as to whether an email address exists or not. Both of the techniques I was familiar with for Office365 username enumeration, using the Autodiscover API and ActiveSync, have both been fixed so this was definitely something worth exploring. I captured a few ... READ MORE

Socially Susceptible – Augmenting phishing with machine learning classifiers

May 12, 2020 By Austin Marck

Crafting sophisticated phishing campaigns is a necessary part of offensive tradecraft for testing security conscious and complex environments. The old adage goes "a chain is only as strong as its weakest link". Historically this chain has been people, but with increased resources and focus on testing, attackers have worked to find ways to increase their chances of gaining a ... READ MORE

COVID-19 and Palo Alto’s GlobalProtect

March 13, 2020 By Tim Lambes

With the recent issues involving COVID-19, and the recent closure announcements of college campuses, organizations are beginning to review their capacity to support a larger than normal remote workforce. In the event an office closing, is your organization prepared to support the influx of users attempting to gain access to the corporate network remotely. Can your organization ... READ MORE

Netscaler Still in the Wild

March 12, 2020 By Ben Sina

It has been two months since Cirtix released details about CVE-2019-19781, a vulnerability found in their NetScaler product. In that time, we here at RSM have been working with several of our clients to help mitigate this vulnerability and remediate the effects of any successful compromises on their systems. Unfortunately, it appears that many more networks are affected by this ... READ MORE

Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

February 7, 2020 By Zach Burnham

While the Elastic Stack (ELK) is typically used for live log monitoring, Winlogbeat can be modified to manually send cold logs, or old, inactive Windows Event Logs (EVTX) to ELK for analysis. This functionality allows an analyst to take EVTX files from images or data collected from potentially relevant systems and utilize the functionality of ELK for their ... READ MORE

Ransomware attacks continue to get worse

January 17, 2020 By Luke Emrich

Where did we start? From time to time, I still reminisce about my first ransomware investigation. The attack affected a family business in Florida during the summer of 2015. Business was humming along until one fateful morning when an employee arrived for their day of work, only to find that files stored on their servers were encrypted. I will never forget how devastated the ... READ MORE

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Interim pages omitted …
  • Go to page 21
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • Sophos UTM Home Edition – 3 – The Setup 10.7k views
  • DLL Injection Part 1: SetWindowsHookEx 10.6k views
  • Leveraging MS16-032 with PowerShell Empire 9.9k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.7k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2021 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.