• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Events

CVE 2022 30190 “Follina”

June 10, 2022 By Trevor Ryan

Have you ever had to download a Microsoft Word document from a co-worker, friend, family member? I know I have. Now imagine you think you receive a Word document from your boss titled “New Promotions/Raises”. Without thinking, you go to download and access the file, and then a weird window pops up about Microsoft Windows Diagnostic Tool. The document is blank, which is weird, ... READ MORE

Russia Ukraine Conflict Observables

March 9, 2022 By Joel Belton

With the rise of cyberwarfare against Ukraine and Russia, one could agree that there could be potential blowback from the sanctions that the United States has placed on the country of Russia. Some of the attacks that have been observed against Ukraine are attacks that include data wiping malware, such as HermeticWiper, Whispergate, and IsaacWiper. There have also been ... READ MORE

Russia’s new breadbasket is America’s Mid-West

September 30, 2021 By Todd Willoughby

The BlackMatter ransomware group, which claims to be the successor to the ostensibly, but possibly not so retired threat actor groups REvil/DarkSide, has successfully breached an Iowa-based grain and farm services provider. The provider, which operates grain elevators, trades crops and provides other support to Iowa and surrounding farmers, says it's has taken it’s systems ... READ MORE

King Phisher Release 1.9

November 22, 2017 By Erik

Today RSM is proud to announce the latest release of our open source Phishing tool King Phisher. This release brings many new features that we hope offer users a much more pleasant experience and facilitate tapping into some of the more customizable potential of King Phisher. The biggest upgrade with King Phisher version 1.9 is that the client's plugin manager got a huge ... READ MORE

King Phisher Release 1.8

June 6, 2017 By Erik

King Phisher 1.8

The King Phisher version 1.8 has arrived with the following changes: Warn Python 2.7 users that this is the last release Python 2.7 will be supported The Windows MSI build is now in Python 3.4 King Phisher server now supports Red Hat Server 7 King Phisher client support for OS X by using Docker Support for issuing certificates with acme while the server is ... READ MORE

Boston Key Party CTF Crypto-200

February 27, 2017 By Spencer

I love using sponges for crypto Who doesn't, right? This past weekend was the Boston Key Party (BKP) CTF which was a fun and challenging event. The challenge I spent the most time working on was the Crypto 200 point challenge titled "Sponge". The challenge was to find a collision with the known value "I love using sponges for crypto" using a custom hashing algorithm ... READ MORE

Capture the Flag 2017 – Example Challenges

January 26, 2017 By Ken Smith

Early next year, RSM will host its fourth annual Capture the Flag event. We wanted to give our potential participants some background information and examples of the types of problems they will encounter. Coding: https://warroom.rsmus.com/ctf-example-coding/ Cryptography: https://warroom.rsmus.com/ctf-example-cryptography-2/ Forensics: ... READ MORE

CTF Example – Web Application Security

January 26, 2017 By Andy

During RSM's 2016 Capture the Flag (CTF) event, the Web Application Security category took the format of a full-blown web application penetration test.  Participants could accomplish the 100 point challenge simply by exploring and mapping out the web application.  By the time participants reached the 500 point level, they had performed password guessing, SQL injection, bypassed ... READ MORE

CTF Example – Social Engineering

January 26, 2017 By Mike

When a client requests a Social Engineering assessment, they are wanting to test any weaknesses found in the people themselves, not necessarily technology. After all, it's often easier to just ask someone directly for their password instead of trying to find an exploit for an application. In the context of a penetration test, typically this takes the form of impersonating ... READ MORE

CTF Example – Physical Challenges

January 26, 2017 By Mike

In the Physical Challenge category, problems are focused on simulating technical skills that a consultant might have to use on an asssessment. Two major skills that come in handy are knowledge about lockpicking and security cameras. Lockpicking Lockpicking is something of both an art and a science. The scientific part is easy to understand as illustrated by this fantastic ... READ MORE

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.8k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.