As a penetration tester, learning how to use a CLI (Command Line Interface) is a necessary skill as there are many times where an interactive interface such as Remote Desktop won’t be available. Starting with a standard command prompt for Windows (cmd.exe) is a great start. However, there are more advanced and feature rich CLI interfaces. Two of which are WMI (Windows ... READ MORE
Offense
The State of Ransomware
Ransomware as a concept isn’t exactly bleeding edge. For years, cybercriminals have been using ransomware along with a variety of different attack vectors to compromise companies both big and small around the globe. What is new, however, is the recent uptick in the quantity and frequency of ransomware-based attacks. According to Verizon's 2021 Data Breach Investigations ... READ MORE
Colonial Pipeline Ransomware
Ransomware attacks are no longer simply a malware infection. Today’s ransomware threat actor groups are comprised of skilled hackers who are well-versed in infiltrating their victims’ networks. Once inside the target network, these attackers perform reconnaissance to identify critical accounts, systems and even sensitive data stored within the network. Since the mid-2010s, we ... READ MORE
Cisco Smart Install for Penetration Testing
Cisco Systems Inc. developed a widely used protocol to perform zero touch deployment of new infrastructure. This can include devices such as switches and routers and many other devices running Cisco IOS. This technology is called Smart Install. Smart Install runs on TCP port 4786 and requires no authentication to connect to the remote service. This protocol is very useful for ... READ MORE
Building a Vulnerable Box: RemoteMouse
At the start of every year, I review my lab repository of intentionally vulnerable machines and do my best to add new ones to the list. I recently came across a particularly interesting flaw, from a teaching perspective, and thought it would be worth capturing. RemoteMouse is Windows/Linux/Mac compatible software that can be used in conjunction with a mobile app to turn your ... READ MORE
FireEye Intrusion – Red Team Tools Stolen
There is a saying in the security community that it is not if an organization will suffer a cybersecurity event but when. Current events prove that this statement stands true even for sophisticated security firms such as FireEye. We are closely monitoring the situation and wanted to share our perspective at this point. I share the opinion of at least a few of my peers who ... READ MORE
Vulnerability scanning your Android apps
A lesser known feature of the Mobile Secuirty Framework scanner MobSF from 'https://opensecurity.in/' is its ability to quickly scan a folder of APK files. This isn't normally something most users would need if they were only targeting a single app but if you're trying to assess the security of a device you might find it necessary to look at every piece of software, from the ... READ MORE
Mobile Apps – Testing WebView
Mobile application testing has progressed significantly over the past few years. Whereas the early days of mobile security were more or less a wild west, efforts such as the Mobile Top 10 and testing guide from OWASP and courses like SANS 575 have helped to standardize both methodologies and expectations for testing. Tools like MobSF and expanded support in Metasploit and ... READ MORE
2020 Attack Vectors Report – Internal Pentesting
Our team has collected two years worth of internal penetration testing data to put together a white paper covering our most frequent footholds that lead to full network compromises. The data clearly shows that passwords and patching continue to be a significant problem. Nearly half of all compromises achieved by RSM's testing team between 2018 and 2020 were a direct result ... READ MORE
Building a Vulnerable Box – HTML5 VPN Portal
Years ago, I wrote a series of posts covering the basics of building and exploiting vulnerable machines for learning purposes. With my two most recent posts covering virtual labs, it seems like an appropriate time to revisit the topic. I've used the misconfiguration I'm going to cover in this article on several Capture the Flag events and mock pentests over the years. It ... READ MORE