War Room

Shells from above

Offense

Prevent GPO from applying to your attack VM

July 28, 2017 By RSM Author

You’re on an engagement and just obtained your first set of credentials. Score! You attempt to join your Windows VM to the domain and you are greeted with a warm message: “Welcome to the __ domain”. You’re excited to have your initial foothold in the network but you quickly realize these credentials don’t provide much access. We need to go deeper! You start looking for ways ... READ MORE

Interior Routing Protocols: The Basics

July 21, 2017 By Jacob Dugan

Being part of the blue team, it is helpful to have familiarity with routing protocols, as they help you move traffic throughout the network, and if you don’t, well, then you have come to a good place to start. Routing protocols can be classified into two different categories: exterior and interior. Exterior routing protocols focus on routing from a network to the internet while ... READ MORE

Razer rzpnk.sys IOCTL 0x22a050 ZwOpenProcess (CVE-2017-9769)

July 14, 2017 By Spencer

Today RSM is releasing the second and more serious of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. This vulnerability exists within the handler for IOCTL code ... READ MORE

Razer rzpnk.sys IOCTL 0x226048 OOB Read (CVE-2017-9770)

July 13, 2017 By Spencer

Today RSM is releasing the first of two unpatched vulnerabilities identified within drivers used in the gaming peripheral company Razer's Synapse application. The driver in question is rzpnk.sys (md5: B4598C05D5440250633E25933FFF42B0) which exposes some functionality via an IOCTL interface. Today's vulnerability is an out of bounds read condition that can be exploited by ... READ MORE

All In One OSINT

June 16, 2017 By Bryan

If we've said it once, we've said it a thousand times: OSINT is an attacker's best friend. There are a plethora of tools out there that we use every day as pentesters to accomplish our tasks. For those of you who are starting out in the field, or are hobbyists, you probably have a virtual machine with Kali Linux installed. Kali is a great pentesting tool; the best part about it is it ... READ MORE

Weaponizing hostapd-wpe

June 2, 2017 By Andy

TL;DR: Installing hostapd-wpe on a wireless router powered by an external power bank provides a standalone wireless attack platform with good transmit power, concealability, and mobility. Despite being almost 5 years old (but recently updated to support hostapd 2.6), hostapd-wpe is still a go-to tool for assessing the security of wireless clients attached to WPA2 Enterprise ... READ MORE

Footprinting the Target with Recon-ng

May 12, 2017 By RSM Author

Thank you for dropping in for part 2 of our tutorial series on LaNMaSteR53's Recon-ng information gathering framework. Last time, we focused on the fundamentals of navigation within the tool, selecting, configuring and executing modules, and understanding the output. If you came across this page first, please drop back to Part 1 of the series to get a solid background on the ... READ MORE

Obfuscating Launchers to Limit Detection

May 8, 2017 By Jeff

Last time, I provided a method for encrypting macro payloads (https://warroom.rsmus.com/encrypt-macros-bypass-sandboxes/) to prevent them from executing correctly in the event they were analyzed in a sandbox. On a somewhat-related note, in this post, I will discuss another method which can help ensure your payload makes it successfully to your target: obfuscation. First, ... READ MORE

Segmenting, Subnetting and You

April 24, 2017 By Jacob Dugan

I completed a week of Cisco Certified Network Associate (CCNA) training and passed the exam. I learned an interesting bit about how to quickly subnet. I would like to focus on how to subnet quickly without a calculator. For blue teamers, this skill is useful for implementing and evaluating segmentation. For red teamers, it can be useful for determining the number of potential ... READ MORE

Reconnaissance with Recon-ng

April 13, 2017 By RSM Author

Intro to Recon-ng: Reconnaissance is the first and arguably the most critical phase of any penetration test. It is the first step of the Attacker’s Methodology, and depending on how it is done will define how the test proceeds. This information gathering phase can be done countless different ways, but if it is not done correctly, you end up with very limited information and ... READ MORE
