Clik here to view.
Malicious VM to Host Attacks
In The Hacker Games, a hostile VM is used as the target. It employs “evil VM” attacks against the host and a few other counterattacks among the included CTF-style challenges, so if you don’t want any...
View ArticleClik here to view.
Ambush – A New Capability for Advanced Defense
At BSides Las Vegas, I just released Ambush, an open-source Host Intrusion Prevention System that I have been developing for the past few months. See my talk at...
View ArticleShellcode sizes in Metasploit
When working on DNS tunneling shellcode, I was wondering how small the shellcode needed to be to work with most exploits. In case you have the same question, this is how you find out how much space,...
View ArticleVulnerable systems setup
I frequently get asked how to set up a test lab to practice hacking on. Usually I point the curious in the direction of VMWare or VirtualBox and tell them to set up VM’s. There are plenty of guides...
View ArticleClik here to view.
Hoarder, HIPS bypasses, and Ambush
I gave an updated Ambush Presentation at Derbycon today. Reverse engineers can feel right at home stepping through the IDA-inspired slides. Hit the spacebar or the right arrow key to move forward, and...
View ArticleAttack Test
Well, the Mayan Apocalypse came and went, and since we’re all still here, it’s time to get back to computer security. It shouldn’t be a surprise that the most likely way you’ll get exploited is through...
View ArticleRunning Code From A Non-Elevated Account At Any Time
You may have found yourself in a situation where you have access to a system through a limited user account, or could not or did not want to bypass UAC (AlwaysOn setting for example) and you needed to...
View ArticleAuthenticated Remote Code Execution Methods in Windows
All of the below are supported ways of remotely executing code that are built-in to Windows. If psexec isn’t working since a service is not running or ports are blocked, you can try all these other...
View ArticleEconomics in One Lesson
This is off the security topic, but I was really excited to find this online, so deal with it. Everyone who votes needs to understand this. We have all heard the fallacies before, and it’s hard not to...
View ArticleSaving shells with PrependMigrate
One of the more frustrating experiences in infosec is getting a session back – just to have it die a second later. Often, exploited processes are simply unstable; after smashing the heap or some other...
View ArticleClik here to view.
Using the GUI in Metasploit 4.6
Unfortunately, Rapid7 recently informed me that they would no longer be including msfgui from the official distribution of Metasploit (along with Armitage). This means that the only bundled interface...
View ArticleClik here to view.
Breaking and Building a Secure Network – BSides San Antonio
This past weekend I gave a talk at BSides San Antonio titled “Pigs Don’t Fly – Why owning a typical network is so easy, and how to build a secure one.” I took a top-down look at the security barriers...
View ArticleFixing Pass The Hash and 14 Other Problems
This is an update to breaking and building a secure network. A key part of that advice is a combined solution to about 15 different serious problems with password-based authentication, including the...
View ArticleAmbush Standalone
Ambush was designed in a server-client architecture to make it easy to deploy to lots of systems, but sometimes you just want to get it running on a single system, without the hassle of requiring a...
View ArticleSecure random password generation
Ideally you never use a password, but sometimes, you have to anyway. One very common scenario is in signing up for a web application. Such passwords can be stored on the server, hashed with a fast...
View ArticleClik here to view.
Remote Desktop and Die – How to RDP Faster Without Getting Robbed
Unless you have not patched your domain controller in the past five years, chances are, if an intruder gets domain admin or enterprise admin level access, they probably did it through credential theft....
View ArticleThe Infosec Revival – DerbyCon 2013
DerbyCon this year was awesome as usual. I presented “The Infosec Revival: Why owning a typical network is so easy, and how to build a secure one.” The video is here on Youtube: Or you can check out...
View ArticleClik here to view.
Catching dropped executable files without a sandbox
One common technique used by a lot of exploits, malware, and obfuscated software is to dynamically generate or download an executable or DLL file, run it or load it, then delete it. I frequently catch...
View ArticleAdding Easy SSL Client Authentication To Any Webapp
Go straight to the code samples/instructions Let’s face it, if you are using passwords on your web site or application, you are part of the problem. It doesn’t matter if you’re using bcrypt or scrypt,...
View ArticleA Comparison of HTTPS Reforms
An old adage in cryptology is that encrypting data is always easy, but key distribution is always hard. One good example of this is in the Certificate Authority (CA) system; which of course is the...
View Article