Our team has collected two years worth of internal penetration testing data to put together a white paper covering our most frequent footholds that lead to full network compromises. The data clearly shows that passwords and patching continue to be a significant problem. Nearly half of all compromises achieved by RSM's testing team between 2018 and 2020 were a direct result ... READ MORE
Blog
Distributed Security: Advancements in IT Governance using Multi-Party Computation (MPC)
Imagine never having to remember a password again. To some this might sound crazy, but by combining time-tested cryptography and new technological advancements, this far-fetched proposition is possible. Multi-party computation (MPC) protocols allow users to eliminate the need to remember passwords and potentially much more while simultaneously enhancing data security. MPC works ... READ MORE
Building a Vulnerable Box – HTML5 VPN Portal
Years ago, I wrote a series of posts covering the basics of building and exploiting vulnerable machines for learning purposes. With my two most recent posts covering virtual labs, it seems like an appropriate time to revisit the topic. I've used the misconfiguration I'm going to cover in this article on several Capture the Flag events and mock pentests over the years. It ... READ MORE
Building a Lab Network – Faux Corporate Networks
Last month, I mentioned the possibility of setting up a second virtual firewall in a lab environment to simulate a corporate network with mock internal and external spaces. I frequently do this for CTFs, student pentesting projects, and more. Offensive security training is rapidly moving towards realistic environments. Organizations like HackTheBox which historically have ... READ MORE
SAP RECON CVE-2020-6287
On July 13, 2020, SAP software released a patch impacting the SAP NetWeaver Application Server Java versions 7.5 and earlier. The vulnerability dubbed RECON (Remotely Exploitable Code on NetWeaver) Specifically targets SAP NetWeaver Java while Advanced Business Application Programming (ABAP) stack systems remain unaffected. This vulnerability is operating system (OS) and ... READ MORE
Building a Lab Network in Proxmox and Sophos UTM9
One of the best ways to acquire and maintain an offensive security skill set is to build a home lab and populate it with intentionally vulnerable machines. The most straightforward option is to simply spin up VMs in VirtualBox or VMWare Player and manage everything locally. To take things to the next level, however, you really need a hypervisor like ESXi or Proxmox. Nowadays, ... READ MORE
Office 365—Magic Logs Uncovered
The Dark Ages According to the FBI’s 2019 IC3 report, the IC3 unit received 23,775 business email compromise (BEC) complaints with losses of over $1.7 billion (FBI IC3 Report[1]). We have found that, first and foremost, threat actors are trying to leverage compromised email accounts to perpetrate financial fraud. Though perhaps unintentional, a fraudster will likely access ... READ MORE
Using EDR as an Incident Response Tool
What is EDR? Endpoint detection and response (EDR) has been a buzzword in the world of cybersecurity for the last couple years, but what does that really mean? EDR tools are designed to continuously monitor systems for anomalous or malicious activity. A monitoring agent runs in the background, ideally on every endpoint in the environment, and the end user experiences little ... READ MORE
Enumerating Emails via Office.com
On a recent penetration test, I discovered that manually attempting to log into Office.com would give an indication as to whether an email address exists or not. Both of the techniques I was familiar with for Office365 username enumeration, using the Autodiscover API and ActiveSync, have both been fixed so this was definitely something worth exploring. I captured a few ... READ MORE
Socially Susceptible – Augmenting phishing with machine learning classifiers
Crafting sophisticated phishing campaigns is a necessary part of offensive tradecraft for testing security conscious and complex environments. The old adage goes "a chain is only as strong as its weakest link". Historically this chain has been people, but with increased resources and focus on testing, attackers have worked to find ways to increase their chances of gaining a ... READ MORE