We've written in the past about the "Evil twin" or "Evil AP" attack using hostapd-wpe ("wireless pwnage edition"). This remains a viable attack in environments using enterprise authentication, and the patched hostapd obviates the need for a wireless access point, making the attack easy and portable. However, like most attacks there are still opportunities for tweaking and ... READ MORE
Offense
Pivot, Exploit, Death by Firewall
Another scenario that is getting all too familiar: It is another day in the office. The external penetration test is going as planned. You broke in to the internal network and you have transports in place. You just need that last trophy before you can call it a day! You finally find the system where it is stored. You prep for the attack, and check to make sure all is setup ... READ MORE
Encrypt Macros – Bypass Sandboxes
It’s no secret that phishing is the most widely used and most successful attack vector in breaches and targeted attack campaigns. Between the DNC breach, ransomware campaigns, and other high profile cases, we as an industry, are seeing it more and more often. It should come as no surprise that, as a result, penetration testers are turning to this attack vector more and more ... READ MORE
Building a Convincing USB Drop
One of my favorite attack vectors is the USB drop. At RSM, our two go-to drops are the Rubber Ducky and backdoored executable files on a normal USB flash drive. We will typically load a Ducky with an Empire script which executes a PowerShell one-liner when plugged into a victim machine. The executable-loaded drives require the victim to mount and open the USB drive and then ... READ MORE
Meterpreter Transports: Digging in with your Shell!
The scenario is all too familiar: Its a been a long week of digital warfare, and you are about to call it quits. And then all of a sudden, you have a shell call back to your handler! You're in for the moment, but it's only a matter of time before that pesky blue team finds and blocks you. You now must waste precious time desperately trying to set up persistence in order to ... READ MORE
Download Now: Malicious Android Apps
In the modern world, almost every one of us has a mobile device in our pockets. Whether through Android, iOS, or even Windows, we have something that directly connects our lives to the internet. From texting to banking, smart phones can do it all. For better or worse, this means they are ripe for the picking in terms of an attack vector. Also according to the global market ... READ MORE
Leveraging MS16-032 with PowerShell Empire
It's not very often in the life of a pentester that you find a point-and-click exploit that works right out of the box. Most public scripts are simple proofs of concept that don't work in every scenario and must be modified to perform the desired action. In fact, the OSCP course from Offensive Security has a big section dedicated to altering existing code to make it work for a ... READ MORE
Approaches for Wireless Man-in-the-Middle
The wireless medium is inherently susceptible to man-in-the middle attacks. Whether the objective of such an attack is to capture traffic, or simply make an "evil" access point more believable by connecting clients to the Internet, there are a few different approaches one can take to inserting themselves between their target(s) and the Internet. This post explores two of ... READ MORE
Pretexting: Your Targets Want to, They Just Don’t Know it Yet
When conducting a social engineering engagement, be it in person or remote, your pretext can mean life or death for your engagement. First off, let's define what a pretext is. A pretext is your story. Who you are, the company you work for, your purpose, even down to how many kids you have, their names, the car you drive, etc. Depending how far you need to go, having details ... READ MORE
Intro to OSINT
*All images in this post were found using publicly available sources and should be used for educational purposes only One of the best things in the IT community is Open Source Software. Open source software is something where the a company develops a piece of software and then makes the source code publicly available, allowing anyone to look and manipulate the code. This has ... READ MORE