The security landscape is always changing. Both attackers and defenders are constantly facing new challenges. The content of the pentester’s toolbox today is very different from just a few short years ago, as is the array of technologies that network administrators and security practitioners have at their disposal to defend against increasingly capable threat agents. With...
The Internet is abuzz again with the latest Microsoft vulnerability, affecting HTTP.sys. We have been getting a number of questions about the severity and scope of impact. Impact: To determine whether your applications or hosts are impacted, consider the following items: Does it use IIS 6.0 or later? Does it use HTTP...
The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local superuser or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post-exploitation more difficult and provide a...
The MS14-068 flaw in Kerberos allows a regular authenticated domain account to elevate permissions to compromise an entire domain. Recently Sylvain Monné (kudos and awesome work to Sylvain) released PoC code in order to gain access to an administrative share utilizing the Kerberos flaw. A regular user could grab a Kerberos token and then authenticate...
DHCP bash Shellshock POC: 1) Just about any DHCP string value should work for the exploit. Value 114 is URL, which is a string and should be reliable for use. 2) Start a DHCP server on the network and set the string value for 114 to: () { ignored;}; echo 'foo' Replace the portion of...