Before I got into the security field full time, I made it my goal to someday discover a previously unpublished exploit that would warrant the assignment of a CVE. I was always amazed at the constantly updated Exploit-DB list and wanted to be able to make my own contribution to the database. This month, I was finally able to accomplish my goal and submit my first two ... READ MORE
R&D
Compromise a DCOS Server through a Docker Container
Ever wonder how you can use a docker container to compromise the host? There is a simple process to do so, if you have the ability to start a docker container. With the increasing utilization of docker, there have been several cluster solutions developed. Among these solutions is DC/OS. By default, the installation is found to be rather insecure. The first couple of steps have ... READ MORE
King Phisher Release 1.6
We are happy to announce the long awaited release of version 1.6. The development of version 1.6 is massive compared to prior releases. The major changes are to the back-end API calls too and from the King Phisher server. Utilizing AdvancedHTTPServer capabilities for web sockets, the server will now alert the client when there are changes to the database tables. This allows ... READ MORE
Making Raw Syscalls on Windows From Python
Often times while writing a proof of concept for an exploit or doing vulnerability research its necessary to make a raw syscall on Windows. Usually syscalls are called by a thin wrapping function in userland, often provided as an exported function from within a DLL. Many of these userland functions modify and manipulate the arguments prior to passing them to the kernel, which ... READ MORE
Running a Data URI Phishing Campaign with King Phisher
Data URI Phishing with King Phisher One of the newest techniques being blogged about in the security world is phishing through the data URI. Thanks to a viral Twitter post, many sites like Wordfence have published specific advisories to warn users about this type of attack. What makes this technique so effective is the ability to create a convincing address in the address bar. ... READ MORE
Customizing King Phisher Using Plugins
With the ability to write your own plugins for King Phisher, basically the possibilities for what YOU want King Phisher to do have fallen into your hands. During the newer release for King Phisher, the development team has incorporated the ability to add your own plugins to allow customization on what you'd like the phishing tool to do. For example, we've started a plugin ... READ MORE
I’ve Got 1.2 Million Keys But A Private Ain’t One
GitHub has grown in popularity over the past few years as one of the defacto standard locations to share and collaborate on open source projects. Accounts on GitHub are encouraged to use key based authentication, and to that end, users to upload a public key to allow them to authenticate to their accounts while making changes to code. This summer I crawled, collected, and ... READ MORE
An Analysis of MS16-098 / ZDI-16-453
This past patch Tuesday, Microsoft released MS16-098, a patch for multiple vulnerabilities in "Kernel-Mode Drivers". Within this patch, the vulnerability identified as CVE-2016-3308 and ZDI-16-453 was addressed. This post is an analysis of this vulnerability and how it could potentially be leveraged by an attacker in the form of a Local Privilege Escalation (LPE) ... READ MORE
King Phisher Release 1.4
We are happy to announce the release of King Phisher version 1.4. King Phisher has supported Python 3 for several versions now and is now standard for new installations of King Phisher starting with this release. Anyone that utilizes the tool/install.sh script to install King Phisher will have it installed and configured utilizing Python 3. Users that use this method will ... READ MORE
Bypassing Gmail’s Malicious Macro Signatures
Malicious macros in Excel spreadsheets are one of the most common methods of delivery in phishing attacks. If the premise is enticing enough, an unsuspecting user may download the document and enable macros which could result in arbitrary code being run on their system. In order to simulate a phishing campaign from an attacker, we at RSM will typically utilize the macro ... READ MORE