NetScaler Remote Code Execution Forensics

With the recent Citrix ADC (NetScaler) CVE-2019-19781 Remote Code Execution vulnerability, the TrustedSec Incident Response team has been working closely with our offensive and research teams as they created a working exploit. This has allowed us to create a list of locations and indicators to search for on potentially compromised Citrix ADC hosts. Based on…

The post NetScaler Remote Code Execution Forensics appeared first on TrustedSec.

Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

On December 17, 2019, Citrix released a critical advisory for a vulnerability that allows remote code execution. Advisories like these come out often for organizations, and critical exposures are nothing new for any company. However, when digging into the remediation step details, this advisory gave a substantial amount of information on the exploit itself. What makes this…

Rekt by the REX

The request-to-exit (REX) passive infrared (PIR) sensor. You know the one. Spray canned air or smoke in its face, it becomes disoriented and unlocks the door. Spit a mist of alcohol in its face, it gets a buzz and unlocks the door. The butt of many “jokes” for how easily it provides unauthorized entry, but…

SELinux and Auditd

In this blog post, I will discuss SELinux and Auditd, how to use them, how to determine what the default policies are doing, and how to add new ones. For those who do not know what SELinux is, it stands for Security-Enhanced Linux. More details about SELinux can be found in the resources section at…

Automation Testing With Ansible, Molecule, and Vagrant

There is an old rule that if you find yourself doing anything more than twice, you should automate it. For developers, this may be software builds or the environments into which they will be deployed; for penetration testers, it may be the need to create a phishing host or a lab environment for testing. In…

Playing With Old Hacks

Recently, I was prepping for a session and wanted to show the old hack where you boot into a Windows setup using a USB stick and change out the utilman.exe with cmd.exe. Utilman.exe is the binary behind this icon here on the logon screen:

Figure 1 – Icon for Utilman.exe

First, follow these instructions to…

Discovering the Anti-Virus Signature and Bypassing It

In this post, I am going to go over how to find the specific Anti-Virus signature using manual testing and then show techniques that can be used to bypass it. I am a big fan of LOLBins, so we are going to focus on the binary Regsvr32, which is a known binary that can be…

Buying Internal Domain Access Again

So, this post is inspired by some very interesting research done by @mubix that you can read about here, as well as this amazing post by Tim Medin here. After reading Mubix’s post, I was whipped into a frenzy and purchased several domains. I realize that these posts are both several years old, but this idea has…

Three Most Common Security Flaws (and How to Fix Them)

When it comes to physical security, the most common things we see are hardware vulnerabilities or human error (through social engineering attacks, failure to follow security guidelines, or no knowledge of security protocols). We have successfully broken into everything from locally run neighborhood shops to banks, power plants, hospitals, factories, law firms, and everything in…

Tracing DNS Queries on Your Windows DNS Server

During a recent engagement, I successfully deployed a wildcard Domain Name System (DNS) record in conjunction with Responder. Within minutes, a misconfigured host made a query for a non-existent DNS record and was poisoned into connecting to our Responder instance. Unfortunately, the account was privileged enough that domain compromise was achieved. The techniques and tools…
