War Room

Shells from above

Defense

Netscaler Still in the Wild

March 12, 2020 By Ben Sina

It has been two months since Citrix released details about CVE-2019-19781, a vulnerability found in their NetScaler product. In that time, we here at RSM have been working with several of our clients to help mitigate this vulnerability and remediate the effects of any successful compromises on their systems. Unfortunately, it appears that many more networks are affected by this ... READ MORE

Solarwinds

October 14, 2019 By Mike

How a Default SolarWinds Guest Account Can Facilitate Compromise – and How to Fix It. The Problem: SolarWinds is a leading provider of network monitoring and configuration management software. However, there’s a default feature on the SolarWinds Orion Network Performance Monitor tool that could be putting your organization at big risk. The issue is a default guest account ... READ MORE

No More Mimikatz

October 14, 2019 By Kyle Zeigler

Mitigating Windows Credential Flaws: There’s a vulnerability in Windows systems that is leveraged time and time again while compromising a network. Though the technique is well known to attackers, it is rarely mitigated effectively. Bad combination. But it’s convenient… Windows systems will cache user credentials in system memory. In cleartext. This is a default feature in ... READ MORE

Stanford Password Policy

October 14, 2019 By Kyle Zeigler

A creative solution for stronger passwords. Rules, Rules, Rules: Most of us are familiar with basic password rules: Don’t use ‘password’. Duh. Don’t use your username as your password. Got it. Don’t repeat the same password for multiple accounts. Don’t choose an easily guessable password combination, even if it looks complex, e.g. ‘Winter2016’. Ok… I know ... READ MORE

SMB Relay

October 14, 2019 By Kyle Zeigler

SMB Relay Attack: The SMB relay attack has been around for years, and publicly available tools make the attack easier to carry out. The attack can result in a full network compromise with relatively little effort or expertise on the part of the attacker, making this a very common technique. What’s worse, we’ve noticed many organizations are vulnerable to this attack and might ... READ MORE

Saurus’ Guide to Security+

June 5, 2019 By Jacob Dugan

Hello fellow security professionals and those aspiring to be! Saurus here and excited to write to you on a new blog post. Being a consultant keeps me fairly busy. In addition to managing my workload I recently obtained my CompTIA Security+ certification. While the experience of taking the exam is still fresh in mind, I wanted to draft up a blog post about some of the ... READ MORE

Email Controls: Implementing DKIM with Postfix

February 14, 2019 By Bryan

Previously on the War Room, we discussed some basic mail control implementations. Specifically, we looked at simple text records that can be posted to determine what is allowed to send on behalf of the domain. SPF records and DMARC records, when properly configured, can help reduce the chances of someone being able to spoof the domain in a phishing attack. So the next thing we ... READ MORE

The Basics: SPF and DMARC Records

November 26, 2018 By Bryan

It is no secret that one of the major attack vectors is phishing. While some of the success of this is due to a lack of user education and awareness, the other side of the coin is missing basic controls. There is no shortage of enterprise-level phishing controls out there, Mimecast and Proofpoint for example. However, these are not silver bullets when it comes to protecting ... READ MORE

Prevent GPO from applying to your attack VM

July 28, 2017 By RSM Author

You’re on an engagement and just obtained your first set of credentials. Score! You attempt to join your Windows VM to the domain and you are greeted with a warm message: “Welcome to the __ domain”. You’re excited to have your initial foothold in the network but you quickly realize these credentials don’t provide much access. We need to go deeper! You start looking for ways ... READ MORE

Interior Routing Protocols: The Basics

July 21, 2017 By Jacob Dugan

Being part of the blue team, it is helpful to have familiarity with routing protocols, as they help you move traffic throughout the network, and if you don’t, well, then you have come to a good place to start. Routing protocols can be classified into two different categories: exterior and interior. Exterior routing protocols focus on routing from a network to the internet while ... READ MORE
