This was an epic week for password cracking: we had lots of new hashes and lots of competition to see who could crack the most the fastest.
BLUF: I put together a cracking technique and tested it against other techniques, generating some insight into the best-performing cracking techniques. RockYou with hob064 rules won, but my technique came a close second and had a faster crack speed. Get the script here.
Intro (part 1) Hello and welcome to the final post of our Intro to exploitation series! We have learned the basics of how memory management works in the ptmalloc2 allocator. It was a basic approach, but enough to give a good starting point. However, there are a few concepts and attack scenarios that, because a lot of information about them already exists, I have kept my distance from: “unsafe unlink”, “malloc (des)malleficarum” and similar techniques. These were either not basic enough or outdated, and I wanted to learn and note down the most basic and well-known exploit primitives: use-after-invalidation (incl. use-after-free), overflows (incl. off-by-one) and double-free.
In late January, someone opened a GitHub issue in the objection repository about Android 7’s Network Security Configuration. The issue author included a blog post from NCC Group about this very topic, which included some very helpful bits of information (which you should totally read).
Naturally, I wanted to enhance objection to be able to get past this new security feature, so the testing began. I installed a Burp CA as one would normally do for assessments, as well as a small test application with certificate pinning disabled, and quickly realised that literally no network traffic was passing through. Inspecting the output of adb logcat, one would see messages such as the following for our failed requests:
TL;DR: I fixed up net-creds and MITMf to solve the CHALLENGE NOT FOUND bug.
A while back on an internal assessment, I was having a hard time getting a high-privileged user account.
This was the third assessment SensePost had done for the client, and they had implemented several of our recommendations. In particular, Responder wasn’t providing me with any hashes, even though I was connected to the same network segment as several users, including some administrators. The client has a strict policy of only using the latest operating systems, i.e. Windows 10, and had disabled NBNS and LLMNR.
25 January 2018
~3 min
By keiran
This article is for non-technical people who want to keep themselves and their companies safe from realistic threats. Short and sweet.
In 2017 we saw a number of phishing techniques used successfully. This was largely due to the release of a handful of highly effective methods which are still being used. In this article we’ll cover what these are.
Dynamic Data Exchange (DDE) Payloads – CVE-2017-0199 / CVE-2017-8759

A technique that results in remote access without the use of macros. DDE is a protocol in MS Office products which allows applications to share data with each other. Some functions provided by this protocol allow the execution of commands, which can be abused by attackers to download malware.