• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Blog

CTF – Malware Analysis Walkthrough

July 2, 2015 By Mark Wolters

RSM hosted a capture the flag tournament for high school students at Mount Union back in April. This is the walkthrough for the forensics 400 CTF challenge. ("It should have been posted earlier, but it fell through the cracks." -patchwork). In my first walk-through I spent a lot of time talking about how I meant for the problem to be able to be solved without much prior ... READ MORE

Pillage Exchange

June 29, 2015 By Andy

A while back I wrote a post detailing a technique for pillaging .pst files.  A .pst is a "personal storage folder" created by Microsoft Outlook containing email messages, contacts, appointments, and other information, and may be stored locally or on a centralized server.  The approach I detailed in that post involved dropping a small binary on the machine hosting the .pst ... READ MORE

Find Sensitive Data with Bulk Extractor

June 29, 2015 By Mark Wolters

Bulk Extractor is a great tool for searching a file system for sensitive data. Bulk extractor ignores the file system and scans it linearly. This, in combination with parallel processing, makes the tool very fast. It will have an issue with fragmented files, but typically, files aren't fragmented. Follow the directions here  for installation.   Using BEViewer, the ... READ MORE

Intro to IMINT

June 25, 2015 By RSM Author

*All images were obtained from Google maps and are to be used for educational reason only* I used to play Eye Spy all the time when I was younger.  It made car rides go faster, gave me and my friends something to do while waiting in the ice cream line, and as I recently discovered, the game also provided me with a bit of career prep. Imagery Intelligence (IMINT) is ... READ MORE

Real World Malware Analysis Part 4: Dynamic Analysis

June 15, 2015 By Mark Wolters

Last time we used Malwr.com to automate a lot of our analysis, but the process was not without a few sticking points. Malware analysis typically falls into two categories, static and dynamic. These two really go hand-in-hand, and while it is possible to alternate between them, today we will focus on dynamic analysis. Remember to properly set up your lab environment! We are ... READ MORE

Crouton – Chromebooks as a Pentesting Platform

June 5, 2015 By Ken Smith

I had the opportunity to pick up a Chromebook (Acer C720) on the cheap(er) this past weekend. A local high school was getting rid of those machines that had previously belonged to graduating seniors who had chosen not to buy them outright at the end of the year. I had never had much of a chance to play around in ChromeOS until now, so I was excited to get my hands dirty. I have ... READ MORE

Physical Penetration Tests – SOPs and Planning

June 4, 2015 By Andy

This post describes some of the factors that a team should take into account while planning and executing a physical penetration test. As a disclaimer, some may find the heavy use of military jargon alarming.  Such language is not intended to suggest or encourage an adversarial relationship between the security professionals and their clients; rather, it’s the simple result ... READ MORE

Collecting Volatile Data with AWK

June 2, 2015 By Mark Wolters

On a recent forensics case, a coworker and I noticed some interesting logs on a Linux web server. TCPDump showed some strange traffic from a handful of IPs, but the access logs were not showing any visits from the offending addresses. The traffic was encrypted so it wasn't possible to see what was being sent, so we needed to do some additional digging. A lot is required to take ... READ MORE

Metasploit Module of the Month – ntlm_info_enumeration

May 30, 2015 By Jeff

This post will be the first in an ongoing series devoted to covering various modules in the Metasploit Framework and their uses.  We hope that our readers will find this useful, as there are more modules added to the framework each day, as well as some obscure modules which are incredibly valuable.  This entry in the series will examine one of the latter, ... READ MORE

Building a Vulnerable Box – Heartbleed

May 22, 2015 By Andy

Patchwork may have wrapped this series up in his last post, but I've got one more to add. The Heartbleed bug (CVE-2014-0160) received a lot of press when it was discovered and disclosed in April of 2014, and deservedly so.  The vulnerability was severe not only because of the sensitivity of the information it could leak, but also because of its prevalence across the ... READ MORE

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 19
  • Go to page 20
  • Go to page 21
  • Go to page 22
  • Go to page 23
  • Interim pages omitted …
  • Go to page 25
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.9k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.