Those interested in performing this or a similar modification will need at least the following supplies and equipment: a soldering iron with solder and the appropriate cleaning supplies (sponge, tip cleaner); a desoldering pump ("solder sucker"); wire strippers; heat shrink tubing; epoxy; cable with a standard USB type A female interface; cable with a mini-USB type B ... READ MORE
Blog
VoIP Penetration Testing: Introduction
I've had a number of recent opportunities to conduct VoIP-focused penetration tests. Prior to my first, I noticed that tutorials, blogs and training write-ups are pretty scarce. So, I figured it might be helpful to have all of it in one place. In this short blog series, I'll cover the goals, methodology, and tools needed to conduct a successful VoIP penetration ... READ MORE
Evil Twin Attack Using hostapd-wpe
The Evil Twin Attack has been around for some time. In the past, when we've run across WPA/2 Enterprise Wireless networks while on assessments, we'd break out a separate router and sit in a parking lot or lunch room waiting for victims to pass. The attack was simple, but the setup was overly complicated and left us tied to a power outlet. Fortunately, all that is in the past. A ... READ MORE
Analyzing Safe Exception Handlers
SafeSEH (Safe Structured Exception Handlers) is a Windows binary protection mechanism for 32-bit executables that has been around for a while now. When the option is enabled, the linker creates a list of valid exception handler addresses in the SEHandlerTable when the binary is being built. This protection prevents the execution of corrupted exception handlers which is a common ... READ MORE
Chromoting For Access
Chromoting Background: Google Chrome offers a service dubbed "Chromoting" which allows users to opt into allowing remote access to their systems for either personal reasons or technical support. To use this service, a user must download Chrome, be logged into their Google account, and enable Chromoting via the Chrome Remote Desktop application. The remote desktop application, ... READ MORE
Understanding Radio Frequency Theory
I did a short series on attacking Wi-Fi for my personal blog last year, but I did not cover Enterprise Wireless. A few interesting tools have been released in the time that has passed, so I'm going to steal some of my own words as a short lead into a new post on conducting attacks against WPA/2-Enterprise wireless networks. The Spectrum: Electromagnetic energy is the basis on ... READ MORE
Request to Exit Sensor Bypass
(Originally published by @coldfusion39) When performing Physical Attack and Penetration Tests, we occasionally find ourselves on the wrong side of a locked door. The exterior, or public side, of these doors is often controlled by an Access Control System utilizing either a Prox or iClass card reader. Due to various fire codes and regulations, the secured side of these doors ... READ MORE
King Phisher 0.1.6 Released
The latest version of RSM's phishing tool King Phisher has been released with numerous improvements. King Phisher is RSM's Phishing Campaign toolkit of choice, developed internally to meet the demands of the engagements that the team encounters. Some of the new features in this release include: Support for email messages with inline images that do not need to be ... READ MORE
Sophos UTM Home Edition – 2 – The Installation
UPDATE: Part 3 - The Setup, Part 4 - Definitions and Rules, and Part 5 - SSL VPN are now available. Now that we've discussed acquiring a Sophos UTM license and downloading the ISO, it's time for the install. This process is extremely straightforward assuming the hardware of choice is compatible. Should any questions arise, concerned users should reference the Hardware ... READ MORE
Enumerating User IDs On Smart Meters
The latest module for the Termineter Framework supports enumerating valid user IDs on smart meters as part of the C12.18 login process. This is particularly useful for certain smart meter vendors that allow the C12.19 general information tables #0 and #1 to be read with a valid user ID but no password. Enumerating user IDs on smart meters can also identify accounts that can ... READ MORE