• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Blog

King Phisher 0.1.7 Released

February 20, 2015 By Spencer

We are very pleased to announce today that the latest release of RSM's open source phishing toolkit, King Phisher, is now available. This latest release has lots of new features, client GUI improvements and stability fixes. Some of the highlights of version 0.1.7 include: Integration for checking SPF records Automatic CSRF page generation Full support for serving ... READ MORE

Physical Recon TTPs – Urban Environment

February 17, 2015 By Ken Smith

The importance of onsite recon is too often overlooked when discussing physical penetration tests. Map analysis and OSINT are both essential to building cover stories and understanding your targets. And of course, the actual act of breaking-in yields the best stories. Onsite recon, however, bridges the gap between the two and should never be rushed or ignored. Different sites ... READ MORE

Real World Malware Analysis: The Original Phishster

February 16, 2015 By Mark Wolters

When my friend first told me that he was phished with a Word document, two infection methods came to mind: either it was a macro enabled in the document, or it was the recent MS14-064 vulnerability for Office. So let’s take a look! Here is what the offending document looks like when opened: Macros are the winner! What do they do? In Word go to View > Macros > View ... READ MORE

Walking The Stack Back To Userland

February 10, 2015 By Spencer

The nature of writing kernel exploits is tricky. The necessity for reliable exploitation is paramount given that a failure will likely result in system instability usually manifested in the form of a kernel panic / BSOD. Depending on the nature of the vulnerability, maintaining stability after the attacker's shellcode has run can be a real challenge. Often times structures are ... READ MORE

Password Filtering: Taking Bad Decisions Away from Users

February 10, 2015 By Jeremy

(Originally published by @fluffy_bs)   I recently had this conversation with a client following a pen test: Client: "What is our biggest security hole?" Me: "Your password policy is incredibly weak. We were able to brute-force passwords such as Winter14, Password1, and Company1. Client: "We just had a meeting where we reiterated our security policy. I told ... READ MORE

Generating Time-based One-time Passwords With PowerShell

February 5, 2015 By Jeff

In this post I will be explaining how to leverage PowerShell to create a time-based one-time password (TOTP).  If you are not familiar with the concept of one-time passwords, the key point is that they are passwords that can be used only (drum roll) one time.  If you require more information please see this Wikipedia article. If you have ever used RSA's SecurID or Google's ... READ MORE

Vulnerabilities 2014: Moving Forward

January 27, 2015 By Erik

2014 saw the release of a number of critical vulnerabilities that caused media storms and left script kiddies on the edge of their seats in anticipation of public exploits. These high impact vulnerabilities included, but were not limited to: Heartbleed CVE-2014-0160 Various ShellShocks CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, ... READ MORE

Real World Malware Analysis Part 1

January 26, 2015 By Mark Wolters

Full Disclosure: Malware analysis isn't my area of expertise, but I have been looking for chances to learn more. Let's learn together! I was recently describing to a friend how phishing attacks work, one of the most common ways being word documents with a macro to run or download malicious code. Sure enough, several weeks later the same friend received a phishing ... READ MORE

Taking One For The Team: The “Double Tailgate” Approach for Physical Pentests

January 23, 2015 By RSM Author

When it comes to physical pentests, there are a variety of different approaches and techniques used depending on the environment and situation. While most people are familiar with the concept of tailgating in order to gain access to restricted areas, the double tailgate can be useful when the point of entry has tailgating detection mechanisms in place. The scenario where ... READ MORE

CYA: Cover Your Alfa (Part II)

January 12, 2015 By Andy

Part II:  Testing In the first part of this post I covered the basic steps I took to conceal an Alfa AWUS036H in an HDD enclosure. In this part I’ll cover the basic testing I did to see how that impacted its performance, as well as the results of those tests. The diversity of wireless cards, drivers, and programs can make it difficult to get honest comparisons between ... READ MORE

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 21
  • Go to page 22
  • Go to page 23
  • Go to page 24
  • Go to page 25
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.8k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.