Finding and Identifying JScript/VBScript Callable COM Objects

November 7, 2019

Microsoft JScript and VBScript are two languages that can be used for initial code execution on a new target. This may be done through a phishing payload that leverages .hta files, or by using trusted binaries to execute the payload. The use of .hta files specifically…


On the possibility of obfuscating code using neural networks

June 11, 2019

In this blog post, I will cover the current state of my research investigating the possibility of using neural networks to hide shellcode. But before we dig in, I will provide a little background information. For those unfamiliar with neural networks, they are a type of computer system design that is inspired by how human…


Dumping Embedded Java Classes

September 6, 2018

A few months ago, I came across a piece of Java malware. This was a nice change of pace for me, since most of what I see is written in C/C++. The malware was heavily obfuscated using a common tool, Allatori v5.3. After working my way manually through decoding, I came to a point where…


Don’t Delay, Migrate Today (Away from SSL/Early TLS)

August 8, 2018

For those tempted to delay migration away from Secure Sockets Layer (SSL)/early Transport Layer Security (TLS)—don’t wait! This includes all versions of SSL and version 1.0 of TLS (TLS v1.1 and newer are fine). For Payment Card Industry Data Security Standard (PCI-DSS) compliance, you can’t simply migrate sometime before your next PCI audit. Rather, you…
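A quick way to find the settings the post is talking about is to lint the TLS protocol directives in your web server configuration before the next handshake test. The following is an added example for this listing, not code from the TrustedSec post: it reads nginx `ssl_protocols` and Apache `SSLProtocol` lines, reports anything in the retired set (all SSL versions and TLS 1.0, as the post requires) and, as a present-day caveat, separately reports TLS 1.1, which the post still accepted in 2018 but which RFC 8996 has since deprecated. The two configuration snippets are constructed for illustration; the treatment of Apache's `all` keyword is a conservative assumption (flag a version unless the directive explicitly removes it), and `probe_server` is an optional live check that needs network access.

```python
"""Lint web-server TLS protocol directives for SSL / early-TLS settings.

Added example for this listing; not code from the TrustedSec post.
The sample configs below are constructed for illustration.
"""
import re
import socket
import ssl

# Versions the post says must be retired: every SSL version and TLS 1.0.
RETIRED = {"SSLv2", "SSLv3", "TLSv1"}
# TLS 1.1 was still acceptable in 2018; RFC 8996 (2021) has since deprecated it.
DEPRECATED = {"TLSv1.1"}
_ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}

_NGINX = re.compile(r"^\s*ssl_protocols\s+([^;]+);", re.M)          # ssl_protocols TLSv1.2 TLSv1.3;
_APACHE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.M | re.I)   # SSLProtocol all -SSLv3 -TLSv1


def apache_enabled(args):
    """Resolve httpd's additive syntax ('all -SSLv3 +TLSv1.2').

    Assumption: 'all' is treated as every version in _ALL except SSLv2, which is
    the conservative reading (a version is flagged unless explicitly removed).
    """
    enabled = set()
    for tok in args.split():
        if tok.lower() == "all":
            enabled |= _ALL - {"SSLv2"}
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled


def enabled_protocols(config_text):
    """Union of the protocol versions enabled by every matching directive."""
    enabled = set()
    for m in _NGINX.finditer(config_text):
        enabled |= set(m.group(1).split())
    for m in _APACHE.finditer(config_text):
        enabled |= apache_enabled(m.group(1))
    return enabled


def audit(config_text):
    """Classify enabled versions as retired, deprecated, or ok."""
    enabled = enabled_protocols(config_text)
    return {
        "retired": sorted(enabled & RETIRED),
        "deprecated": sorted(enabled & DEPRECATED),
        "ok": sorted(enabled - RETIRED - DEPRECATED),
    }


def probe_server(host, port=443, timeout=5):
    """Live check (needs network): which TLS versions will the server negotiate?

    Caveat: the client's OpenSSL security level may itself refuse TLS 1.0/1.1,
    which shows up here as 'False' even if the server would have accepted them.
    """
    results = {}
    for name, ver in (("TLSv1", ssl.TLSVersion.TLSv1),
                      ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
                      ("TLSv1.2", ssl.TLSVersion.TLSv1_2)):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False          # we only care about the version, not identity
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = ver       # pin exactly one version per attempt
            ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = tls.version() == name
        except (OSError, ssl.SSLError, ValueError):
            results[name] = False
    return results


# Constructed sample configurations (not from any real deployment).
SAMPLE_NGINX = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
SAMPLE_APACHE = "SSLProtocol all -SSLv3 -TLSv1\n"
```

Run `audit()` over each virtual host file in a deployment; anything in `retired` is a PCI finding today, and anything in `deprecated` is the next thing to schedule.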


Building a “Quick” Lab Environment with Linux Containers

July 3, 2018

As a penetration tester, I often need to stand up small environments (and sometimes not so small) for a few different reasons—to try things out before making a mess of a client’s production system, to avoid being detected, or to use it simply for our own practice. A lot of us at TrustedSec are remote,…


Enumerating Anti-Sandboxing Techniques

June 19, 2018

Fighting/writing malware is very much a cat and mouse game. One of several techniques used by Anti-Virus/EDR solutions is to detonate payloads in a sandbox and watch what happens. To combat this, malware writers (and pentesters) have been including checks in their payloads to identify when running in a sandbox to evade detection. However, these…
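The checks the post is enumerating are cheap environment fingerprints: how many CPUs, how much RAM and disk, how long since boot, who is logged in, and whether a sleep actually took as long as requested. The following is an added example for this listing, not code from the TrustedSec post: it collects those signals (the collector uses Linux `/proc` and `sysconf`, and degrades to `None` elsewhere) and scores them. The thresholds and the username list are illustrative assumptions, not tuned values, and the two `SAMPLE_*` dictionaries are constructed. Defenders can read it the other way round, as the list of properties a detonation sandbox needs to look normal on.

```python
"""Environment fingerprinting of the kind sandbox-evasive payloads perform.

Added example for this listing; not code from the TrustedSec post.
Thresholds are illustrative assumptions; the sample signal dicts are constructed.
"""
import os
import shutil
import time

# Usernames that are assumed (for illustration) to be common in analysis VMs.
SUSPICIOUS_USERS = {"sandbox", "malware", "virus", "test", "analyst"}


def collect_signals():
    """Gather the raw values a payload typically inspects (Linux helpers; None elsewhere)."""
    sig = {
        "cpus": os.cpu_count() or 1,
        "uptime_s": None,
        "ram_gb": None,
        "disk_gb": shutil.disk_usage("/").total / 2 ** 30,
        "user": os.environ.get("USER") or os.environ.get("USERNAME") or "",
    }
    try:
        with open("/proc/uptime") as f:           # seconds since boot
            sig["uptime_s"] = float(f.read().split()[0])
    except OSError:
        pass
    try:
        sig["ram_gb"] = os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES") / 2 ** 30
    except (ValueError, OSError, AttributeError):
        pass
    return sig


def sandbox_indicators(sig):
    """Return the human-readable reasons this host looks like an analysis VM."""
    hits = []
    if sig.get("cpus", 99) < 2:
        hits.append("single vCPU")
    if sig.get("ram_gb") is not None and sig["ram_gb"] < 2:
        hits.append("under 2 GB RAM")
    if sig.get("disk_gb") is not None and sig["disk_gb"] < 40:
        hits.append("under 40 GB disk")
    if sig.get("uptime_s") is not None and sig["uptime_s"] < 600:
        hits.append("booted less than 10 minutes ago")
    if sig.get("user", "").lower() in SUSPICIOUS_USERS:
        hits.append("suspicious username")
    return hits


def timing_check(expected_sleep=0.2):
    """Sleep-skip detection: many sandboxes fast-forward sleeps, so wall time falls short.

    Returns True when the measured sleep was noticeably shorter than requested.
    """
    start = time.monotonic()
    time.sleep(expected_sleep)
    return (time.monotonic() - start) < expected_sleep * 0.9


def looks_like_sandbox(sig, min_hits=2):
    """Require several weak indicators to agree before concluding anything."""
    return len(sandbox_indicators(sig)) >= min_hits


# Constructed sample signal sets (not captured from real machines).
SAMPLE_SANDBOX = {"cpus": 1, "ram_gb": 1.0, "disk_gb": 20.0, "uptime_s": 120.0, "user": "sandbox"}
SAMPLE_WORKSTATION = {"cpus": 8, "ram_gb": 32.0, "disk_gb": 500.0, "uptime_s": 86400.0, "user": "alice"}

if __name__ == "__main__":
    live = collect_signals()
    print(live, sandbox_indicators(live), "sleep skipped:", timing_check())
```

Each signal on its own is a weak, easily-spoofed heuristic; the design point is that a payload (or a sandbox hardening checklist) combines several and only acts on agreement.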


How to Set Up a Quick, Simple WebDAV Server for Remote File Sharing

June 8, 2018

Dropping payloads to disk is often risky, not only from an Operations Security (OPSEC) standpoint, but it’s also more likely to trigger AV. To avoid exposing ourselves to these risks, it’s often more desirable to reference a file from a remote location. One method of doing this is to make use of WebDAV, a service…
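For a throwaway engagement server, the whole protocol surface a WebDAV client needs before it will fetch a file is an `OPTIONS` reply advertising `DAV: 1` and a `PROPFIND` reply listing the resources; actual downloads are ordinary `GET`s. The following is an added example for this listing, not the TrustedSec post's own setup: a read-only WebDAV server built on Python's standard `http.server`, with `PROPFIND` answered by a minimal `207 Multi-Status` body. The port and directory in the usage block are assumptions.

```python
"""Minimal read-only WebDAV server on top of Python's http.server.

Added example for this listing; not the TrustedSec post's own setup.
It answers OPTIONS and PROPFIND, and hands GET/HEAD to the built-in static handler.
"""
import html
import os
import threading
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


class WebDavHandler(SimpleHTTPRequestHandler):
    def do_OPTIONS(self):
        # Clients (including the Windows WebClient redirector) probe capabilities first.
        self.send_response(200)
        self.send_header("DAV", "1")
        self.send_header("Allow", "OPTIONS, GET, HEAD, PROPFIND")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_PROPFIND(self):
        # Drain any request body so the connection stays in sync.
        length = int(self.headers.get("Content-Length", 0))
        if length:
            self.rfile.read(length)
        fs_path = self.translate_path(self.path)
        if not os.path.exists(fs_path):
            self.send_error(404)
            return
        entries = [(self.path, fs_path)]
        # Depth: 1 means "this resource and its immediate children".
        if os.path.isdir(fs_path) and self.headers.get("Depth", "1") != "0":
            base = self.path if self.path.endswith("/") else self.path + "/"
            for name in sorted(os.listdir(fs_path)):
                entries.append((base + name, os.path.join(fs_path, name)))
        body = self._multistatus(entries).encode("utf-8")
        self.send_response(207, "Multi-Status")
        self.send_header("Content-Type", 'application/xml; charset="utf-8"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    @staticmethod
    def _multistatus(entries):
        """Build the DAV: multistatus XML with the two properties clients actually use."""
        parts = ['<?xml version="1.0" encoding="utf-8"?>', '<D:multistatus xmlns:D="DAV:">']
        for href, fs_path in entries:
            if os.path.isdir(fs_path):
                rtype, size = "<D:collection/>", ""
            else:
                rtype = ""
                size = f"<D:getcontentlength>{os.path.getsize(fs_path)}</D:getcontentlength>"
            parts.append(
                f"<D:response><D:href>{html.escape(href)}</D:href><D:propstat><D:prop>"
                f"<D:resourcetype>{rtype}</D:resourcetype>{size}</D:prop>"
                "<D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>"
            )
        parts.append("</D:multistatus>")
        return "".join(parts)


def serve(directory, port=0):
    """Serve `directory` over WebDAV in a background thread; returns (server, bound_port)."""
    handler = lambda *a, **kw: WebDavHandler(*a, directory=directory, **kw)
    srv = ThreadingHTTPServer(("0.0.0.0", port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    # Assumed usage: share the current directory on port 8080.
    server, bound = serve(".", 8080)
    print("WebDAV share on port", bound)
    threading.Event().wait()
```

Windows reaches a non-standard port with the `\\host@8080\DavWWWRoot\file` UNC form (the WebClient service must be running); the server writes nothing and accepts no `PUT`, so it cannot be turned around and used to write to your box.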


Web Application Security in a Large Organization – Knowing What You Don’t Know…

June 22, 2015

As news of a new breach appears almost daily, one has to wonder whether their organization may be next. Having had the opportunity to help organizations of all sizes and lines of business, we have seen many different struggles that each may face. Some of the organizations are new to a security program, know they need…


Steps to Make a Web Application Hacker’s Life Harder

April 4, 2014

Following are a few brief guidelines to make a web application pentester’s life measurably harder. Server-side input validation: validation that is enforced on the server side runs its own checks against the user input to determine whether it is “safe” or contains disallowed characters. This type of validation is nearly impossible…
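The point of the server-side rule is that the server decides for itself what a field may contain, regardless of what the browser's JavaScript already did (which an attacker simply does not run). The following is an added example for this listing, not code from the TrustedSec post: an allowlist validator that canonicalises input first (so fullwidth or other compatibility forms cannot slip past a regex), rejects control characters and over-long values, and refuses fields the form never declared. The field rules and the sample submissions are constructed for illustration.

```python
"""Server-side allowlist validation, independent of anything the client did.

Added example for this listing; not code from the TrustedSec post.
Field rules are illustrative assumptions; sample submissions are constructed.
"""
import re
import unicodedata

# Allowlists say what IS permitted; anything else is rejected. (pattern, max_len)
RULES = {
    "username": (re.compile(r"[a-z0-9_]{3,32}"), 32),
    "email":    (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), 254),
    "zip":      (re.compile(r"\d{5}(-\d{4})?"), 10),
    "quantity": (re.compile(r"[1-9]\d{0,3}"), 4),
}


class ValidationError(ValueError):
    pass


def normalize(value):
    """Canonicalise before checking so look-alike encodings cannot bypass the regex."""
    if not isinstance(value, str):
        raise ValidationError("not a string")
    value = unicodedata.normalize("NFKC", value)   # e.g. fullwidth 'ａ' -> 'a'
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        raise ValidationError("control character")  # NUL, newlines, etc. never belong here
    return value.strip()


def validate(form):
    """Return (clean, errors): clean holds only fields that passed every check."""
    clean, errors = {}, {}
    for field, (pattern, max_len) in RULES.items():
        raw = form.get(field)
        if raw is None:
            errors[field] = "missing"
            continue
        try:
            value = normalize(raw)
        except ValidationError as exc:
            errors[field] = str(exc)
            continue
        if len(value) > max_len:                 # length check before the regex (cheap, and caps ReDoS exposure)
            errors[field] = "too long"
        elif not pattern.fullmatch(value):       # fullmatch: the whole value must be allowed
            errors[field] = "disallowed characters or format"
        else:
            clean[field] = value
    # Fields the form never declared are rejected too (parameter pollution / mass assignment).
    for extra in sorted(set(form) - set(RULES)):
        errors[extra] = "unexpected field"
    return clean, errors


# Constructed submissions (not captured traffic).
SAMPLE_OK = {"username": "ａｄｍｉｎ", "email": "alice@example.com", "zip": "44113", "quantity": "3"}
SAMPLE_ATTACK = {"username": "admin' OR 1=1--", "email": "x", "zip": "1", "quantity": "0", "role": "admin"}
```

The client-side copy of these rules can stay for usability; it just contributes nothing to security, which is why the server repeats the work.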


Java 7 Update 21 – Applet Security Change Analysis

April 23, 2013

Oracle’s most recent update to Java 7 addresses 42 security flaws, 19 of which are considered “critical” and carry a 10 ranking. In addition to the security fixes, Oracle has been attempting to fix the self-signed framework for applets so that they appear less trusted. If you are familiar with the Social-Engineer Toolkit – the…
