Conferences
we’re going to bsides cape town 2023
Arguably one of the largest hacking conferences in South Africa, BSides Cape Town 2023 is around the corner and the SensePost Team is there with a jam packed agenda demonstrating our latest research (with five talks), challenges and more! In this post, I’ll summarise what you can expect. For timing related information, check out the schedule here. Be sure to come and say hi at our stand in the chill area too.
Szensecon Discord Bot
We have written a lot about SenseCon by now, but there is one more thing we can talk about! In this post I want to detail the Discord bot and associated challenges that we built. We were going to use Discord as our main communication channel and wanted a way to ensure that it was only accessible to Orange Cyberdefense hackers in an automated way.
This was a good opportunity to look into writing a Discord bot. If you are looking for the source code, you can find it here.
Pentesting Enterprise Infrastructure – Journeyman Level
Sophisticated attacks aim to hide from endpoint solutions
Advanced hacking.
Expert approaches
We are inundated by advanced this, expert that, when it comes to hacking and hacking training. When a breach occurs, the media portray it as some epic hack that mere mortals would struggle to comprehend, when in reality it’s actually a run of the mill SQLi attack. Often it’s not advanced, but makes use of a series of vulnerabilities chained together, using Tactics, Techniques and Procedures (TTP) often used by attackers when owning networks.
Womens Training Scholarship
SensePost and BlackHat are proud to announce a new scholarship initiative for a woman in the information security field. The scholarship will include a ticket to Black Hat USA 2017 in Las Vegas, complimentary access to one of our training courses, airfare, and accommodation.
The scholarship will be awarded to a woman who demonstrates a strong desire to hone her InfoSec skills (more below).
How To Enter?
To enter, send us reasons as to why you believe *you* should attend one of our training courses and Blackhat USA. This could be in the form of an essay, examples of projects you are working on, stuff you’ve built or building or generally anything you think supports your claim for a place.
USaBUSe Linux updates
(If you’re new to this project, read the intro first)
For the past few months, I’ve been working on porting the USaBUSe stack from the custom hardware (AVR+ESP8266) to the Linux USB gadget stack. I wanted to make the techniques more accessible to people unfamiliar with embedded development, and I also wanted to take advantage of the variety of possibilities inherent in having a fully featured Linux environment to work in. I presented this work at HackCon in Norway.
XRDP: Exploiting Unauthenticated X Windows Sessions
In this blog post we are going to describe some tools we created to find and exploit unauthenticated X Windows sessions. We recently presented these at BSides Cape Town.
What is X11? X also known as the X Window System is currently in its 11th version, hence the name X11. X is a basic windowing system which provides a framework for drawing and moving windows on a display device as well as interaction with a mouse and keyboard. X uses a client-server model, with the server being the computer running in front of a human user and the X client applications running anywhere on the network. This contradicts the normal view of a client-server model, where the server is running at a remote location and the client is running in front of the user. In short, X plays a central role in displaying graphical windows on a users terminal. The major use of X is for administering remote machines graphically (similar to a remote desktop session), however X only displays one window at a time. An example being an xterm (terminal) window.
Rattler:Identifying and Exploiting DLL Preloading Vulnerabilities
In this blog post I am going to describe a new tool (Rattler) that I have been working on and discuss some of the interesting anomalies found while building it. Rattler can be found on our Github repo and was recently discussed at BSides Cape Town.
What is Rattler? Rattler helps identify which application DLL’s are vulnerable to DLL preloading attacks. In a nutshell, DLL preloading attacks allow you to trick applications into loading and executing malicious DLL’s. DLL preloading attacks can result in escalation of privileges, persistence and RCE in some cases. While preloading attacks are nothing new, there were some interesting results found. For more information on DLL security, I found this link to be helpful.
PwnBank en route to Vegas
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering. This single platform gives attackers an incredibly large attack surface area to target, so it’s no surprise we *love* owning mobile devices.
With this in mind, the countdown to Blackhat USA has begun and we will be launching our latest iteration of the Mobile hacking course to the eager and thirsty minds that find themselves at the sensory circus that is Las Vegas!
DET – (extensible) Data Exfiltration Toolkit
Often gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is to go after sensitive information and exfiltrate it to servers under their control.
To prevent this from occuring, a whole industry has popped up with the aim of stopping exfiltration attacks. However, often these are expensive and rarely work as expected. With this in mind, I created the Data Exfiltration Toolkit (DET) to help both penetration testers testing deployed security devices and those admins who’ve installed and configured them, to ensure they are working as expected and detecting when sensitive data is leaving the network.
AutoDane at BSides Cape Town
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and in South Africa specifically; one of the common first goals of many internal penetration tests is to get Domain Administrator (DA) level access. To assist with this, a plethora of tools and techniques exist, from the initial “in” through to elevation of privilege and eventually extracting and cracking all domain credentials.
Page 1 of 10
Next