
War Room

Shells from above


Blog

Generating Time-based One-time Passwords With PowerShell

February 5, 2015 By Jeff

In this post I will be explaining how to leverage PowerShell to create a time-based one-time password (TOTP). If you are not familiar with the concept of one-time passwords, the key point is that they are passwords that can be used only (drum roll) one time. If you require more information please see this Wikipedia article. If you have ever used RSA's SecurID or Google's ...

Vulnerabilities 2014: Moving Forward

January 27, 2015 By Erik

2014 saw the release of a number of critical vulnerabilities that caused media storms and left script kiddies on the edge of their seats in anticipation of public exploits. These high impact vulnerabilities included, but were not limited to: Heartbleed CVE-2014-0160 Various ShellShocks CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, ...

Real World Malware Analysis Part 1

January 26, 2015 By Mark Wolters

Full Disclosure: Malware analysis isn't my area of expertise, but I have been looking for chances to learn more. Let's learn together! I was recently describing to a friend how phishing attacks work, one of the most common ways being word documents with a macro to run or download malicious code. Sure enough, several weeks later the same friend received a phishing ...

Taking One For The Team: The “Double Tailgate” Approach for Physical Pentests

January 23, 2015 By RSM Author

When it comes to physical pentests, there are a variety of different approaches and techniques used depending on the environment and situation. While most people are familiar with the concept of tailgating in order to gain access to restricted areas, the double tailgate can be useful when the point of entry has tailgating detection mechanisms in place. The scenario where ...

CYA: Cover Your Alfa (Part II)

January 12, 2015 By Andy

Part II: Testing In the first part of this post I covered the basic steps I took to conceal an Alfa AWUS036H in an HDD enclosure. In this part I’ll cover the basic testing I did to see how that impacted its performance, as well as the results of those tests. The diversity of wireless cards, drivers, and programs can make it difficult to get honest comparisons between ...

CYA: Cover Your Alfa (Part I)

January 12, 2015 By Andy

Those interested in performing this or a similar modification will need at least the following supplies and equipment: A soldering iron with solder and the appropriate cleaning supplies (sponge, tip cleaner) A desoldering pump ("solder sucker") Wire strippers Heat shrink tubing Epoxy Cable with a standard USB type A female interface Cable with a mini-USB type B ...

VoIP Penetration Testing: Introduction

January 8, 2015 By Jeremy

I've had a number of recent opportunities to conduct VoIP-focused penetration tests. Prior to my first, I noticed that the number of tutorials, blogs and training write ups are pretty scarce. So, I figured it might be helpful to have all of it in one place. In this short blog series, I'll cover the goals, methodology, and tools needed to conduct a successful VoIP penetration ...

Evil Twin Attack Using hostapd-wpe

December 30, 2014 By Ken Smith

The Evil Twin Attack has been around for some time. In the past, when we've run across WPA/2 Enterprise Wireless networks while on assessments, we'd break out a separate router and sit in a parking lot or lunch room waiting for victims to pass. The attack was simple, but the setup was overly complicated and left us tied to a power outlet. Fortunately, all that is in the past. A ...

Analyzing Safe Exception Handlers

December 22, 2014 By Spencer

SafeSEH (Safe Structured Exception Handlers) is a Windows binary protection mechanism for 32-bit executables that has been around for a while now. When the option is enabled, the linker creates a list of valid exception handler addresses in the SEHandlerTable when the binary is being built. This protection prevents the execution of corrupted exception handlers which is a common ...

Chromoting For Access

December 15, 2014 By Spencer

Chromoting Background Google Chrome offers a service dubbed "Chromoting" which allows users to opt into allowing remote access to their systems for either personal reasons or technical support. To use this service a user must download Chrome, be logged into their Google account, and enable Chromoting via the Chrome Remote Desktop application. The remote desktop application, ...



Copyright © 2023 RSM US LLP. All rights reserved.