Pwnton Pack: An Unlicensed 802.11 Particle Accelerator

This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film release, my nostalgia was hitting a fever pitch. Shortly after our Christmas dinner,…

The post Pwnton Pack: An Unlicensed 802.11 Particle Accelerator appeared first on TrustedSec.


Splunk SPL Queries for Detecting gMSA Attacks

1 Introduction: What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…


Putting the team in red team

One of the more common questions we receive during a red team scoping call or RFP Q&A call is, how many dedicated consultants will be involved in the assessment? There is no “correct” answer to this question, and ultimately, the answer as to how red team engagements are staffed comes down to how the consultancy…


Diving into pre-created computer accounts

I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed…


ELFLoader: Another In Memory Loader Post

Intro: Now that BOFs are commonplace for Windows agents, some people have talked about wanting a non-Windows only version. In this blog post, we’ve got something for you: the same thing but for Linux/Mac. The process of building in-memory loaders is the same, no matter the file format type. In this case, we’ll just…


g_CiOptions in a Virtualized World

With the leaking of code signing certificates and exploits for vulnerable drivers becoming common occurrences, adversaries are adopting the kernel as their new playground. And with Microsoft making technologies like Virtualization Based Security (VBS) and Hypervisor Code Integrity (HVCI) available, I wanted to take some time to understand just how vulnerable endpoints are when faced…


Defending the Gates of Microsoft Azure With MFA

Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from…


Persisting XSS With IFrame Traps

XSS Iframe Traps: Longer Running XSS Payloads. An issue with cross-site scripting (XSS) attacks is that our injected JavaScript might not run for an extended period of time. It may be a reflected XSS vulnerability where we’ve tricked our user into clicking a link, but when they land on the page where we were able…


Making SMB Accessible with NTLMquic

This week, I dusted off my reading list and saw that I’d previously bookmarked an interesting article about the introduction of SMB over QUIC. The article from Microsoft showed that Windows was including support for SMB to be used over the QUIC protocol, which should immediately spark interest for anyone who includes SMB attacks as…
