The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1

They say, “Everything old is new again.” Or, if you are a Game of Thrones fan, “What is dead may never die.” For me, however, a mentor once told me, “Everyone is going forward. I’m going backward.” Enter NetSync… I find Twitter to be a good source for InfoSec tactics, techniques, and procedures (TTPs). Anytime…

The post The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1 appeared first on TrustedSec.


The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2

This is a continuation of The Tale of the Lost, but not Forgotten, Undocumented NetSync (part 1) and in this section, we will look to answer: What are Some Early Indicators to Detect NetSync at the Host-based Level? What are Some Possible Controls to Deter NetSync? In an accompanying blog post, Wes Lambert (@therealwlambert) steps…

The post The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2 appeared first on TrustedSec.


Intro to Web App Security Testing: Logging

A Brief Look at Approaches to Logging and Pitfalls to Avoid. TL;DR: The Logger++ extension is a great tool for recording requests and responses across all of Burp Suite. However, it is important to ensure enough log entries are retained from the tools you expect and that logs are exported if you want to keep…

The post Intro to Web App Security Testing: Logging appeared first on TrustedSec.


Setting the ‘Referer’ Header Using JavaScript

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense…

The post Setting the ‘Referer’ Header Using JavaScript appeared first on TrustedSec.


Azure Account Hijacking using mimikatz’s lsadump::setntlm

Not long ago, I was on an engagement where the client made use of a hybrid Office 365 environment. In their setup, authentication credentials were managed by the on-premises Active Directory (AD) Domain Controller and then synced to Azure AD via Azure AD Connect. We were tasked with gaining access to sensitive customer information. And…

The post Azure Account Hijacking using mimikatz’s lsadump::setntlm appeared first on TrustedSec.


Weaponizing Group Policy Objects Access

Recently, I was on an engagement where I discovered I had plaintext credentials to an account that could modify Active Directory Group Policy Objects (GPOs). This proved to be a fun challenge, as Group Policy files and properties can be bent to our will even when hacking through a straw (SOCKS only, in this case)….

The post Weaponizing Group Policy Objects Access appeared first on TrustedSec.


So, You Got Access to a *nix system… Now What?

Note to Reader: For simplicity, I will be referring to all Unix, Linux, and other Unix-like systems simply as *nix, unless a specific distinction needs to be made. As a pentester, you will likely come across a *nix system at some point. If you are like many of the people I have worked with and…

The post So, You Got Access to a *nix system… Now What? appeared first on TrustedSec.


One Size Doesn’t Fit All: Penetration Testing Maturity

As the security industry continues to progress, companies are focusing on their own security programs, trying to figure out what works and what doesn’t. One of the areas of focus that goes to the early days of the security industry is penetration testing. Penetration testing has always been a validation method to identify exposures and…

The post One Size Doesn’t Fit All: Penetration Testing Maturity appeared first on TrustedSec.


Malicious Macros for Script Kiddies

Introduction: Macros seem like the new hotness amongst hackers, but I thought macros were just simple scripts that some accountant in finance used to simplify their spreadsheets. How can I use and abuse these things to Hack the Planet and rule the world? How can something designed in the 90s still be relevant? In previous…

The post Malicious Macros for Script Kiddies appeared first on TrustedSec.


Thycotic Secret Server: Offline Decryption Methodology

On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simple as finding somebody that…

The post Thycotic Secret Server: Offline Decryption Methodology appeared first on TrustedSec.
