Abuse

Attacking smart cards in active directory

26 March 2020 ~8 min By Hector Cuesta
Abuse Active Directory Research Smartcards Windows Windows Events Forgery Impersonation Smartcard
Introduction Recently, I encountered a fully password-less environment. Every employee in this company had their own smart card that they used to login into their computers, emails, internal applications and more. None of the employees at the company had a password at all – this sounded really cool. In this post I will detail a technique used to impersonate other users by modifying a User Principal Name (UPN) on an Active Directory domain that only uses smart cards.

USaBUSe Linux updates

10 March 2017 ~5 min By Rogan Dawes
Abuse Backdoor Build-It Conferences Empire Exploit Hardware Internals Linux Metasploit Programming Real-World Research Shells Tunnelling
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting the USaBUSe stack from the custom hardware (AVR+ESP8266) to the Linux USB gadget stack. I wanted to make the techniques more accessible to people unfamiliar with embedded development, and I also wanted to take advantage of the variety of possibilities inherent in having a fully featured Linux environment to work in. I presented this work at HackCon in Norway.