PwnDefend
Guides

Cracking an SSH key with John the Ripper (JTR)

This is a super-fast blog post to show how to crack the passphrase on an SSH private key with John the Ripper from a Kali VM.


Create a key

ssh-keygen
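The standard workflow behind this (create a key, convert it with ssh2john, run john), as an added example that is not code from the PwnDefend post. It assumes a Kali-style install where ssh2john lives at /usr/share/john/ssh2john.py (override with SSH2JOHN=...), a jumbo build of john, and rockyou.txt as the default wordlist; the demo passphrase and paths are placeholders. It also adds the check a practitioner wants before burning GPU time: whether the key actually carries a passphrase, for both the old PEM format and the OpenSSH format that ssh-keygen has produced by default since OpenSSH 7.8.

```shell
#!/bin/sh
# Added example, not code from the PwnDefend post. Assumptions: Kali-style paths for
# ssh2john and rockyou.txt (both overridable), john jumbo on PATH, python3 present.

# Return 0 if the private key in $1 is passphrase-protected, 1 if it is not.
# Legacy PEM keys carry a "Proc-Type: 4,ENCRYPTED" header line. OpenSSH-format keys
# embed the KDF name ("bcrypt" when encrypted, "none" otherwise) inside the base64
# blob, so decode the blob and look for it.
ssh_key_is_encrypted() {
  keyfile="$1"
  if grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then
    return 0
  fi
  if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$keyfile"; then
    # drop the armour lines, decode, strip NULs so grep sees text, find the kdf name
    if grep -v -- '-----' "$keyfile" | base64 -d 2>/dev/null | tr -d '\000' | grep -q bcrypt; then
      return 0
    fi
  fi
  return 1
}

# Convert the key to john's hash format, run a wordlist attack, print the cracked passphrase.
# Arguments: key file, optional wordlist (default: rockyou.txt as shipped on Kali).
crack_ssh_key() {
  keyfile="$1"
  wordlist="${2:-/usr/share/wordlists/rockyou.txt}"
  ssh2john="${SSH2JOHN:-/usr/share/john/ssh2john.py}"   # assumed Kali path
  if ! ssh_key_is_encrypted "$keyfile"; then
    echo "$keyfile has no passphrase; nothing to crack" >&2
    return 1
  fi
  python3 "$ssh2john" "$keyfile" > "$keyfile.hash"
  john --wordlist="$wordlist" "$keyfile.hash"
  john --show "$keyfile.hash"
}

# Stand-alone demo ("sh crack_ssh_key.sh demo"): make a PEM-format key with a weak,
# placeholder passphrase and crack it with a two-word list.
if [ "${1:-}" = "demo" ]; then
  workdir=$(mktemp -d)
  printf 'letmein\nPassword1\n' > "$workdir/words.txt"
  ssh-keygen -q -t rsa -b 2048 -m PEM -N 'Password1' -f "$workdir/testkey"
  crack_ssh_key "$workdir/testkey" "$workdir/words.txt"
fi
```

The demo uses `-m PEM` deliberately: the legacy format derives the cipher key with a single MD5 pass over the passphrase, so a wordlist run finishes in seconds. A key in the newer OpenSSH format goes through the same ssh2john/john steps, but its bcrypt KDF (16 rounds by default) cuts the guess rate by orders of magnitude, which is the number to check before promising a client a cracked key.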

Guides

Redirecting Traffic with SOCAT

Ever wanted to run honeypots all over the world but don’t want to deploy actual servers, or pseudo servers, everywhere? Ever wanted to run a C2 server but don’t want to expose your own IP, and want a pool of redirectors instead? Well, here’s a quick look at using SOCAT to forward HTTPS traffic from a VPS to a backend web server.

Process

Create a Linux virtual machine with a cloud services provider:
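The redirector itself, as an added example that is not code from the PwnDefend post. It assumes socat is installed on the VPS; the backend address 10.0.0.5 and the loopback ports in the self-test are placeholders. Two points the summary above leaves implicit: socat only copies bytes, so TLS still terminates on the backend (the certificate and key live there, not on the VPS), and the backend sees every connection arriving from the VPS address rather than the real client, so it should only accept inbound 443 from the redirector IPs.

```shell
#!/bin/sh
# Added example, not code from the PwnDefend post. Assumptions: socat on PATH,
# placeholder backend 10.0.0.5, free loopback ports 18443/18080 for the self-test.

# Accept only a numeric TCP port in 1..65535.
is_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the socat command that turns this host into a TCP redirector.
#   fork      - one child per inbound connection, so many clients are served at once
#   reuseaddr - allow an immediate restart while old sockets sit in TIME_WAIT
# Arguments: listen port, backend host, backend port.
socat_redirect_cmd() {
  lport="$1"; bhost="$2"; bport="$3"
  is_port "$lport" || return 1
  is_port "$bport" || return 1
  [ -n "$bhost" ] || return 1
  printf 'socat TCP4-LISTEN:%s,fork,reuseaddr TCP4:%s:%s\n' "$lport" "$bhost" "$bport"
}

# Loopback self-test: a throwaway "backend" on 127.0.0.1:18443 answers a fixed string,
# a redirector on 127.0.0.1:18080 forwards to it, and the client talks only to the
# redirector. Returns 0 when the backend's reply comes back through the redirector
# (or when socat is absent, in which case the live test is skipped).
redirector_selftest() {
  command -v socat >/dev/null 2>&1 || { echo 'socat not installed; skipping live test' >&2; return 0; }
  socat TCP4-LISTEN:18443,bind=127.0.0.1,fork,reuseaddr SYSTEM:'echo hello-from-backend' >/dev/null 2>&1 &
  backend=$!
  socat TCP4-LISTEN:18080,bind=127.0.0.1,fork,reuseaddr TCP4:127.0.0.1:18443 >/dev/null 2>&1 &
  redirector=$!
  sleep 1
  reply=$(printf 'GET / HTTP/1.0\r\n\r\n' | socat -t 2 - TCP4:127.0.0.1:18080) || reply=''
  kill "$backend" "$redirector" 2>/dev/null || true
  case "$reply" in *hello-from-backend*) return 0 ;; *) return 1 ;; esac
}

# On the VPS: "BACKEND=<backend ip> sh redirector.sh run" (root, or a capability, for port 443).
if [ "${1:-}" = "run" ]; then
  cmd=$(socat_redirect_cmd 443 "${BACKEND:-10.0.0.5}" 443) || { echo 'bad arguments' >&2; exit 1; }
  echo "$cmd"
  exec $cmd   # unquoted on purpose: split the printed command into its words
fi
```

Because the backend only ever sees the redirector's address, lock its firewall to those addresses and keep any client-IP logging on the redirector side; if you need the real source on the backend, that is a job for a reverse proxy speaking PROXY protocol, not for a plain socat forward.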

Defense

Would you know if these remote access tools were being used in your network environment?

Introduction

Remote monitoring and management (RMM) and other remote access solutions are fantastic for enabling remote support of environments. Like most things in life, though, the intent of the user changes the tool from a force for good to a weapon of evil (I hate the use of the word weapon with software, but it’s a blog so I’ll self-cringe).

Kill Chain Summary

The kill chain in the attack outlined by Sophos isn’t one that will surprise you:

  • Initial access was via a known software vulnerability (an unpatched Exchange server; ProxyShell, per the Sophos write-up)
  • The attackers dropped a web shell
  • The attackers had SYSTEM-level access
  • The attackers dumped memory to obtain hashes
  • The hashes were cracked (they escalated to domain admin)
  • 7 (yes, seven!) backdoors were implanted into the target network (hence this blog post)
  • Lateral movement was made to domain controllers
  • Large volumes of data were exfiltrated
  • The rest of the environment was then pwn3d

What might shock you more is the speed at which this was conducted. It’s not months or weeks; it’s hours and days (see the Sophos blog for more details!)

Conti Actors’ Remote Access Toolkits

Remote access tools being abused isn’t a new thing, but following a great write-up (https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/?cmp=30728) of a Conti kill chain from Sophos Labs I figured I’d try to raise more awareness of some of the threats that organisations face, and the reality that defending against all threats is actually quite difficult for a lot of organisations (hell, it’s technically not simple for anyone!).

Strategy

Nine to Five in a digital first, always on cyber hellscape!

We never used to have to worry

As technology becomes more and more embedded into our lives, into our businesses and into our realities, you must wonder why it’s so hard for some to adapt to the changes this brings.

With more connectivity, with more services online, with more systems connected and with people wanting always on, always available services you must consider the realities of technology management in today’s world.

Is it right to expect your systems to be online 24/7 365 days a year? Do your staff want flexibility? Do you operate services which are exposed to the internet? Not only is keeping the services online (and well maintained) a consideration, how do you keep them secure?

System security is probably still viewed by many as something that a monthly hotfix or upgrade looks after. Unfortunately, whilst that might have “got by” in the 90s and early 2000s, the reality is that it doesn’t work anymore.

Defense

Decoding Powershell Base64 Encoded commands in CyberChef

Firstly, you need some PowerShell Base64-encoded commands. You could search your security logs or Sysmon logs for these, or simply generate some yourself:

powershell.exe -noprofile -ExecutionPolicy UnRestricted -EncodedCommand bgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAAUABAADUANQB3ADAAcgBkADEAMgAzACEAIAAvAEEARABEADsAbgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAALwBhAGMAdABpAHYAZQA6AHkAZQBzADsAbgBlAHQAIABsAG8AYwBhAGwAZwByAG8AdQBwACAAYQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBzACAALwBhAGQAZAAgAHMAZQBjAGEAdQBkAGkAdAA=

Next, we head over to CyberChef:

https://gchq.github.io/CyberChef/


Now we copy the base64 component to the INPUT window:


We add the “From Base64” operation into our RECIPE!
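What CyberChef is doing in these steps (From Base64, then a UTF-16LE text decode), written as a script and run over log lines, as an added example that is not code from the PwnDefend post. It assumes base64 and iconv from a normal Linux userland (falling back to stripping NULs when iconv is missing); the log lines are constructed samples, the first carrying the post’s own payload. One thing to know before the next recipe step: From Base64 on its own leaves a NUL between every character, because -EncodedCommand takes the script as UTF-16LE, so the operation to add after it in CyberChef is Decode text with UTF-16LE (1200).

```shell
#!/bin/sh
# Added example, not code from the PwnDefend post. Assumptions: coreutils base64 and
# (optionally) iconv are available; the log lines at the bottom are constructed samples.

# -EncodedCommand payloads are base64 of UTF-16LE text. Convert to UTF-8 with iconv, or
# strip the NULs when iconv is absent (fine for ASCII scripts, lossy for anything else).
utf16le_to_utf8() {
  if command -v iconv >/dev/null 2>&1; then
    iconv -f UTF-16LE -t UTF-8
  else
    tr -d '\000'
  fi
}

# Decode one -EncodedCommand argument to the script text.
decode_encoded_command() {
  printf '%s' "$1" | base64 -d 2>/dev/null | utf16le_to_utf8
}

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# case-insensitively, so match "is a prefix of -encodedcommand and at least two chars".
# -ExecutionPolicy, -ex and friends are not prefixes and are correctly ignored.
is_enc_flag() {
  w=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  [ "${#w}" -ge 2 ] || return 1
  case '-encodedcommand' in "$w"*) return 0 ;; esac
  return 1
}

# Read log lines on stdin; for every flag/payload pair print the decoded script, one per
# line. Runs in a subshell with globbing off so a '*' in a log line is not expanded.
extract_encoded_commands() (
  set -f
  while IFS= read -r line; do
    prev=''
    for word in $line; do
      if is_enc_flag "$prev"; then
        decode_encoded_command "$word"
        printf '\n'
      fi
      prev="$word"
    done
  done
)

# The post's payload (decodes to a net user / net localgroup sequence).
POST_B64='bgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAAUABAADUANQB3ADAAcgBkADEAMgAzACEAIAAvAEEARABEADsAbgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAALwBhAGMAdABpAHYAZQA6AHkAZQBzADsAbgBlAHQAIABsAG8AYwBhAGwAZwByAG8AdQBwACAAYQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBzACAALwBhAGQAZAAgAHMAZQBjAGEAdQBkAGkAdAA='

# Constructed sample log lines: the post's command, a lowercase -enc variant carrying
# "whoami", and a benign line that must not match.
SAMPLE_LOGS="powershell.exe -noprofile -ExecutionPolicy UnRestricted -EncodedCommand $POST_B64
powershell -nop -w hidden -enc dwBoAG8AYQBtAGkA
powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1"

printf '%s\n' "$SAMPLE_LOGS" | extract_encoded_commands
```

Feed it a command-line column exported from Sysmon Event ID 1 or Security 4688 and you get the decoded scripts in bulk; the post’s sample decodes to a local account being created, enabled and added to Administrators, which is exactly the kind of thing worth alerting on rather than decoding by hand.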

Guides

Windows admin 101 – Adding a local administrator account from the command line

Are you like me and always end up searching for easy stuff that you know but you just can’t remember the syntax all the time?

Well, don’t worry, I’ve got your back.

Copyright (c) Xservus Limited