WMI for Script Kiddies

Introduction Let’s say an ‘Administrator’ lands on a target network host and wants to look around and ‘administer’ the system without uploading any new tools… How can I do that without burning any of my Script Kiddie tools? WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for managed components that provides…

The post WMI for Script Kiddies appeared first on TrustedSec.


SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems

1.1 Intro I spent my early IT career working for a Cisco partner that specialized in Cisco phone systems. My work wasn’t directly with the phone systems, but it was usually in an adjacent field like route/switch and security. I did, however, get to see my share of networks that used Cisco phone systems. Today,…


Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…


Real or Fake? How to Spoof Email

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…


An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278

1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278. In the blog post, Charlie extensively covered the background of the vulnerabilities, how the vulnerabilities were weaponized into Rubeus, with help from Ceri Coburn (@_EthicalChaos_), the full ‘attack chain,’ mitigations, and some detections….


Hacking the My Arcade Contra Pocket Player – Part I

Intro I was at my local Target recently and spotted the section near the video games, where there were some little collectable arcade systems and handhelds that play games like Pac-Man, Galaga, and Contra. Whenever I see these types of systems, I like to pick one up to tear it apart and see what’s inside….


Persistence Through Service Workers-Part 3: Easy JavaScript Payload Deployment

In “Persistence Through Service Workers—PART 2: C2 Setup and Use,” we demonstrated setting up the Shadow Workers C2 server and how to add both the service worker JavaScript and what Shadow Workers calls the “XSS Payload” JavaScript to the target application. In the example, we didn’t load the “XSS Payload” through a cross-site scripting vulnerability….


Creating a Malicious Azure AD OAuth2 Application

THIS POST WAS WRITTEN BY @NYXGEEK I decided to write this blog because I’ve seen a lot of articles mentioning that attackers will use a malicious OAuth web app with Azure AD, but I hadn’t actually seen much in the way of good examples of doing so. I’m sure I will find a dozen fantastic examples…


Persistence Through Service Workers—Part 2: C2 Setup and Use

In Part 1 of this 2-part blog, we provided an overview of service workers and created an appropriate target application to exploit using Shadow Workers. In this blog post we’ll build our C2 server in Digital Ocean and use Shadow Workers to exploit the target application. It is highly recommended to read Part 1 prior…


Persistence Through Service Workers—Part 1: Introduction and Target Application Setup

During a recent discussion about achieving persistence on a web server, someone suggested that I explore using browser service workers. As I began reading about what service workers do, the possibilities for Red Team applications seemed intriguing. But first, I had to find out…what exactly is a service worker? In their efforts to make web…
