Hi there, and welcome.

Here you will find an infosec-focused place for random thoughts, observations, discoveries and things deemed worthy of sharing.

Stuff

Content that may be of interest.

Reverse shells via Dart: AV bypass with zero effort

Truth be told, this isn’t really about bypassing AV. “Bypassing AV” would suggest a workflow of creation, execution, detection, analysis, modification, test, etc, which I certainly didn’t employ. The AV agents used by VirusTotal never detected the payload as malicious (nor did the AV product I use) so no bypass was actually required.

COVID-19 notes for CISOs

Are your “coronavirus infosec strategy” Google searches not really returning useful results for you? Worried that any day now you’ll be put on the spot to explain how the infosec team will assure the BCP decisioning that is happening across your organisation as it prepares to respond across multiple complex scenarios around extended remote access requirements, new cloud services and capacity planning?

King-phisher setup

Latest tested version: 1.11.0, server platform: Scaleway VC1S VPS Debian 9.1 64-bit (£5/m), client platform: Kali Linux 2018.1 64-bit VM. Prereqs: registration and DNS control of a domain of choice, a non-root user with sudo access and SSH certificate authentication configured on the VPS server, and all packages updated.

WDTV Live SMP Remote Password Reset Exploit

WDTV Live Streaming Media Player release 2.03.20 (and likely earlier) contains a weakness that allows an unauthenticated attacker to change the web management password to a value of their choice. Nothing earth-shattering here, just a failure to validate that a POST request contains the correct validated headers that an authenticated user should have before processing the password reset.

BSides Canberra 2017 CTF

If you’re reading this, there’s a good chance you are considering joining us for what promises to be a pretty fly BSides Canberra Capture The Flag competition in just a few short weeks. The great news is that this CTF has been specially designed to include something for absolutely everyone, no matter whether you’re chalking up your 50th battle or tiptoeing in ‘just to have a look’.

King-phisher 1.5.1 with SSH keys + TLS

With version 1.5.1, we’ve seen a few slight changes to the setup process. Unlike previous tutorials, I’m not going to yabber on as we walk through the setup. If you want background details, reasoning behind choices made or any verbose info on any part of this setup, check out the earlier tutorial or hit me up.

Offensive Security CTP/OSCE Tips

Firstly, this is not a full review of Offensive Security’s Cracking The Perimeter course and the Offensive Security Certified Expert exam/challenge. I just wanted to share details on a tool that I used during the course and exam that helped me stay organised and assisted with my mobility requirements.

LanSweeper 6.022 post-auth arbitrary file upload

I started this thing at work – we call it BugWeek – where a few times a year, the senior staff lock ourselves in my office and go to town on the corporate network. It’s a great way to find exposures that traditional vulnerability scanners don’t pick up, and it helps keep the blue team’s ‘red’ skills fresh.

Gone KingPhishin’ Part 3 – Basic Auth over TLS

Phishing is easy. Effective target phishing isn’t so easy. While there’s a good chance you can get someone somewhere to click a link, it’s harder to get them to enter credentials – sometimes you might be up against a savvy user who won’t take a bite of a hosted piece of phishy bait that’s presented to them in a web form.

BSides Canberra 2016 CTF Write-up: ‘Mr Robot’

The first ever BSides Canberra conference has finished up, and it was an absolute blast. I had the opportunity to contribute to the BSides CTF component by coming up with the Trivia section and creating a boot2root style challenge (aptly named Mr Robot). The challenge had a few stages to complete, resulting in the acquisition of an Android phone hidden in the CTF room which contained a 400 point flag.

PowershellEmpire: 5 minute quick-start guide

PowershellEmpire is basically a post-exploitation framework that utilises the widely-deployed PowerShell tool for all your system-smashing needs. It feels quite Metasploity with its text-driven menus, module management and execution functions, but it’s purely for generating PowerShell agents and post-exploitation evilness.

Gone KingPhishin’ Part 1: KingPhisher + BeEF + Digital Ocean + Kali

Running a phishing campaign against your organisation is a good way to educate users against the perils of the inbox, and the open-source King-phisher platform takes care of a lot of those problems when set up correctly. Here’s my quick and dirty configuration that utilises a $10-per-month VPS service to run the campaign.

Pwning Telstra’s ZTE MF91 Pre-paid 4G modem

Apparently, the average person in Australia carries 2.6 devices. For me, the 0.6 is my Telstra Pre-Paid 4G WiFi modem. All the main Aussie telcos have offerings in this space (Telstra/Optus/Vodafone/Virgin Mobile), and the devices provided usually are Huawei, ZTE or Sierra Wireless wifi modems. Several months ago, I decided to give my MF91 a shakedown in the security space – and a bunch of bugs bubbled to the surface fairly quickly.

Walkthrough for Tr0ll: 1

More boot2root fun with yet another pretty basic (but at times frustrating) challenge put together by maleus21 and hosted by the Supreme Leaders of Excellence and Quality Stickers, Vulnhub. While these kinds of hack games don’t typically represent what you may find in a live production environment, often you’re left with a reminder that the dual concepts of thinking outside the box and being eternally flexible in your approach are critical in any engagement.

Walkthrough for Pentester Lab: XSS and MySQL FILE

DEF CON 22 is just a couple of short weeks away and there’s sure to be some CTF fun there, so there’s no better time to brush up on the basics. At Vulnhub, you’ll find a ton of boot2root challenges that cover a wide range of security vulnerabilities. This challenge from the people at Pentester Labs is quite simple – based around cross-site scripting and using MySQL write file permissions, the goal is to achieve remote code execution.

Review: SQLi Labs (NotSoSecure.com)

Our crew likes to take on a good CTF pretty regularly, and a little while back we saw that the team at NotSoSecure was planning on holding an SQLi CTF in mid-April this year (right around the corner). They also offer access to a VPN containing a ton of SQLi challenges on a variety of backend databases including Postgres, MS SQL 2008 and Oracle – not just the standard MySQL.

Hacking people in business

Just returned home after a quick business trip to the Middle East. The temperature was solid, the trip went smoothly and the delegation achieved what it set out to accomplish. But I was reminded that the operational effectiveness of an enterprise information security program has a strong correlation to the seniority of those who support it in the first instance.

Walkthrough for xerxes: 1

You’re probably here because you want to know about the awesome boot2root xerxes: 1, correct? This was a vulnhub challenge created by @barrebas, and was excellent! So let’s get started.