Back for more? Good. I learned quite a bit doing the research for this portion of the series, and I have to give credit mostly to my sources. Check out the Open Security Research and Infosec Institute articles in the references. They go really in depth on this topic. I am not really expanding on their content, but I find that spending time explaining it helps me to better ... READ MORE
Blog
Building a Vulnerable Box – Domino
IBM Domino (formerly Lotus Domino) is a particular interesting (and lengthy) setup. The build is not terribly complicated, but the software has been vulnerable for a long time, so it's definitely worth exploring. We might as well have titled the blog "Building a Domino Box" with the vulnerability simply assumed. This box was also featured on the final for my university ... READ MORE
CTF – PHP and OS Command Injection
This past weekend, RSM’s technical consultants worked with representatives from the University of Mount Union to host a Capture the Flag competition for teams of local high school students. The teams competed for scholarship money in challenges spread across six categories – Coding, Cryptography, Forensics, Grab Bag, Hacking, and Web. The students’ collaboration, research, ... READ MORE
Building a Vulnerable Box – Rejetto HFS
Happy Friday. Today's vulnerable box was not particularly difficult to set up, but I like the exploit. I am also using this particular box on the final exam for my network security students over the next few weeks, so part of me wants to see if they stumble across the tutorial. Full disclosure: I've never encountered Rejetto's HTTP File Server on a penetration test. I ... READ MORE
Real World Malware Analysis Part 3: Sandbox
In the first post, we created our own malware lab with some basic tools. Now we're going to use someone else's sandbox. The automated analysis provided by Malwr.com has been tremendously useful in the short time that I have been using it. It's a great tool for getting things done quickly. Keep in mind that even though a lot of the essentials are automated here, we'll stick to a ... READ MORE
Building a Vulnerable Box – Elastix
This spring, I had the opportunity to teach Network Security at a local university. As one would expect, I chose to teach the course from the perspective of a pentester. One of the challenges I've faced is setting up vulnerable systems for my students to attack. We've also started using the boxes internally to training new hires and test certain exploits and techniques (the ... READ MORE
Build Your Own Pentest Pi
Raspberry Pis are really a thing of beauty. They're extremely versatile and can perform multiple tasks in spite of their small size and power. I currently own three! One is currently serving as a Kodi media server at home, and the second is a portable media server for my daughter. I most recently acquired a Pi 2. The Raspberry Pi 2 debuted last month and sports a new hardware ... READ MORE
Shells by Mail: Backdooring USB Devices for Fun and Pwnage
Pretty much everyone is familiar with the most common ways that organizations are breached, weak passwords, misconfigured systems, social engineering, etc., but on a recent engagement we decided to do something a little bit unconventional. In terms of attack vectors, our client had placed only one restriction on us, we could not physically go inside their facilities. So ... READ MORE
DLL Injection Part 1: SetWindowsHookEx
The goal of DLL injection is to load a code into another running process’ address space. So how exactly do we go about accomplishing that? It turns out there are a couple of ways to do so in Windows. We are first going to examine "SetWindowsHookEx," a method for creating hooks in Windows. If by the end of this post you are hungry for more, check out the references at the ... READ MORE
Pillaging .pst Files
This post originally proposed using the open-source java program Xena and its included plugin for converting .pst files into a searchable format. It still references Xena, but has been updated to reflect a simpler approach. On a recent engagement we were able to quickly compromise a client’s network thanks to NetBIOS spoofing and easily cracked passwords. Of course, the ... READ MORE