Is it possible to achieve persistence in Windows through using WinLogon without touching userinit, notify, or shell keys?

I am interested in finding out if it is possible to achieve persistence through winlogon without using one of those 3 mentioned keys. I am trying to determine if it’s safe to ignore registry key entries made into Winlogon parent directory….

How can I test if/how STIR/SHAKEN is working on my incoming calls? Both for detecting spoofed caller ID AND [bad sources]

How can I test if/how STIR/SHAKEN is working on my incoming calls? Both for detecting spoofed caller ID AND calls from disreputable (NON-‘A’ attestation) service providers/carriers/sources.

I’m looking for something vaguely like https://www.internetbadguys.com/ , https://dnsleak.com , OpenDNS/Cisco Umbrella list … 1-800-MY-ANI-IS (which, sadly, no longer works and is now a sleazy marketer), …

I’m getting a ton of harassing, spoofed phone calls, and the bulk of them appear to be criminal enterprises discussed in this FCC filing. My phone #s are all already on do not call lists, such as https://www.donotcall.gov/. I’m already using a HiYa-based anti spam call app.

Relevant/research so far:

“Overseeing STIR/SHAKEN implementation is the Secure Telephone
Identity Governance Authority (STI-GA), a governing body comprising
service providers representing every segment of the industry, as well
as an administrator, and a technical committee. This board sets up the
Policy Administrators (PAs) that authorize service providers’ ability
to get a token and approve certificates to make sure calls can be
authenticated and exchanged with other carriers.

To date, fifty-five service providers have registered with the STI-PA
to be able to sign their calls with STIR/SHAKEN authentication.

Approximately 15 [major] carriers publicly announced they’re deploying STIR/SHAKEN in parts of their network [=] 70% of all active phone numbers in the U.S.

Neustar [provides] the ATIS Robocalling Testbed.

ATIS serves as the industry interoperability test facility to validate the effectiveness of caller authentication standards developed by the Internet Engineering Task Force (IETF) and ATIS.

“STIR/SHAKEN will only confirm that a call is not spoofed,” said Linda

(I think this is false/misleading.)

Specifically, the working group recommended monitoring subscriber traffic patterns to identify behaviors consistent with illegal robocalling and take action when illegal robocalling campaigns are identified.

[E]nterprises can let < sic > consumers which calls to trust

provid[e] more context and identif[y] details on legitimate phone calls, along with a check mark that shows the call has been authenticated

I feel I’m getting far MORE spoofed and spam phone calls since STIR/SHAKEN has gone into effect. This year, the number of spam SMS has gone from none for months to multiple per week.


Why is the first step for an attacker to get Reverse Shell after getting RCE?

If someone has Remote Code Execution, that means they can run commands on the server, so why do they need to get a Reverse Shell?
Even though I can run system commands, why do I go for a Reverse Shell?
I am finding the p…

How to start pentesting/reverse engineering/cracking a software on Linux? (Docker based)

TL;DR: What are good learning resources for security testing software which runs with Docker on Ubuntu?
I am in a junior position at this company, and they figured it would be good if I just test their software from a security perspective. I…