When conducting a social engineering engagement, be it in person or remote, your pretext can mean life or death for your engagement. First off, let's define what a pretext is. A pretext is your story: who you are, the company you work for, your purpose, even down to how many kids you have, their names, the car you drive, etc. Depending on how far you need to go, having details ...
Offense
Intro to OSINT
*All images in this post were found using publicly available sources and should be used for educational purposes only. One of the best things in the IT community is Open Source Software. Open source software is software that a company develops and then makes the source code publicly available, allowing anyone to look at and manipulate the code. This has ...
Do that Phish: King Phisher Video Guides
The Importance of Phishing: Over the last few years, a trend has emerged that clearly indicates social engineering, specifically phishing, is the most consistently reliable attack vector through which hackers gain access to target organizations. Given the non-technical, weak-link factor involved in responding to a well-crafted phishing attack, how can organizations best combat ...
Create an Encrypted Leave-Behind Device
Consider this scenario: You've breached the physical perimeter of the target organization. Once inside, you need to establish some means of remote network access, whether for yourself or your teammates waiting on the outside. In this example, this takes the form of a device you plug in to an unattended network jack within the target organization. Whether you call this ...
Scripting RDP for Pillaging and Potato
Previous posts on the WarRoom have addressed expediting the use of remote desktop to facilitate pillaging. This post explores scripting commands through an RDP client to serve that same purpose. The end result is a one-liner that will log in to a remote system, attach a local directory, execute a script, and save the output to that same local directory, provided the attacker has ...
Let’s Hack! Part 2: Using Certificates From “Let’s Encrypt”
This is the second post of a two-part series, so if you haven't read part one yet, stop reading, and go do that first. Those who have followed through the first post will have installed the Let's Encrypt client and obtained their first certificate. Now let's take a look at how to leverage this certificate for some offensive purposes. This post will walk through using the ...
Let’s Hack! Part 1: Using Certificates From “Let’s Encrypt”
In case you haven't heard, in early December 2015, Let's Encrypt entered Public Beta, meaning that anyone can get a certificate issued by the Let's Encrypt Certificate Authority without the need for an invite. If you aren't familiar with the Let's Encrypt project, you should check out their site. I can't really sum it up any better than they did already, so to quote them, ...
Phishing for Days: Utilizing the King Phisher Calendar Invite
With the upcoming release of King Phisher v1.1, there will come a new way to phish through calendar invites. "Why calendar invites?" you might ask. Well, when you get a typical calendar invite, how likely are you to thoroughly read through it? People tend to check the sender and, maybe, their availability and then accept. Only when it's time for the meeting do most ...
Launch rdesktop from Metasploit
I often resort to remote desktop sessions when pillaging or attempting lateral escalation. Remote desktop provides an easy way to look for important data, get an idea of what applications are in use, run scripts or programs, and transfer data between my host and the target system. Since the Windows “Remote Desktop Connection” program keeps track of IP addresses and makes it ...
Metasploit Module of the Month – enum_ad_computers
Summer has officially ended and Autumn is setting in. As the leaves begin to fall and September draws to a close, it’s a perfect time to sit back and reflect on the Metasploit modules that filled our Summer months with joy. In the third installment of our “Module of the Month” series we examine enum_ad_computers, a post-exploitation module that combines the flexibility of LDAP ...