Guides
This is a super-fast blog to show how to crack sshkeys with JohnTheRipper from Kali VM.
Create a key
ssh-keygen Read more “Cracking an SSH key with John the Ripper (JTR)”
Guides
Ever wanted to run honeypots all over the world but don’t want to deploy actual servers, or psudo servers everywhere? Ever wanted to run a C2 server but don’t want to expose your own IP and want a pool of redirectors? Well here’s a quick look at using SOCAT to forward HTTPS traffic from a VPS to a backend web server.
Create a linux virtual machine in a cloud services provider: Read more “Redirecting Traffic with SOCAT”
Defense
Remote management and monitoring (RMM) and other remote access solutions are fantastic for enabling remote support of environments. Like most things in life though the intent of the user changes the tool from a force for good to a weapon of evil (I hate the use of the word weapon with software but it’s a blog so I’ll self-cringe).
The kill chain in the attack outlind by sophos isn’t one that you will be suprised at:
What might shock you more is the speed at which this was conducted. It’s not months or weeks, it’s hours and days (see the Sophos blog for more details!)
Remote access tools being abused isn’t a new thing but following a great writeup (https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/?cmp=30728) of a Conti kill chain from Sophos Labs I figured I’d try and raise more awareness of some of the threats that organisations face, and the reality that defending against all threats is actually quite difficult for a lot of organisations (hell it’s technically not simply for anyone!) Read more “Would you know if these remote access tools were being used in your network environment?”
Strategy
As technology becomes more and more embedded into our lives, into our businesses and into our realities, you must wonder why it’s so hard for some to adapt to the changes this brings.
With more connectivity, with more services online, with more systems connected and with people wanting always on, always available services you must consider the realities of technology management in today’s world.
Is it right to expect your systems to be online 24/7 365 days a year? Do your staff want flexibility? Do you operate services which are exposed to the internet? Not only is keeping the services online (and well maintained) a consideration, how do you keep them secure?
System security is probably viewed by many still as something that a monthly hotfix or upgrade looks after. Unfortunately, whilst that might be “got by” in the 90s and early 2000s the reality is that doesn’t work anymore. Read more “Nine to Five in a digital first, always on cyber hellscape!”
Defense
Firstly, you need some Powershell Base64 commands, you could search your security logs or Sysmon logs for these, or simply generate some yourself!
powershell.exe -noprofile -ExecutionPolicy UnRestricted -EncodedCommand bgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAAUABAADUANQB3ADAAcgBkADEAMgAzACEAIAAvAEEARABEADsAbgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAALwBhAGMAdABpAHYAZQA6AHkAZQBzADsAbgBlAHQAIABsAG8AYwBhAGwAZwByAG8AdQBwACAAYQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBzACAALwBhAGQAZAAgAHMAZQBjAGEAdQBkAGkAdAA=
Next, we head over to Cyber Chef!
https://gchq.github.io/CyberChef/
Now we copy the base64 component to the INPUT window:
We add the “From Base64” operation into our RECIPE! Read more “Decoding Powershell Base64 Encoded commands in CyberChef”
Guides
Are you like me and always end up searching for easy stuff that you know but you just can’t remember the syntax all the time?
Well don’t worry I’ve got your back
Read more “Windows admin 101 – Adding a local administrator account from the command line”
Defense
Have you ever wanted to see what would occur in an environment if a worm was a make its way in? I often work with customers to show them about lateral movement from a human operated perspective however sometimes it’s useful for people to visualise this better and to demonstrate what could occur if a worm was set loose. A great tool to help with this is Infection Monkey from Guardicore (https://www.guardicore.com/
The process steps are as follows:
Defense
Ok these are a really simple UAC bypass from a userland GUI perspective. This is about increasing process integrity levels – it’s not about performing LPE from low integrity to high/SYSTEM with no interaction. These clearly work in older version of Windows as well but since Windows 11 will be the current version in the near future I thought it was fun to re-visit these!
And just to be clear, a medium integrity process as an administrator user will have the following privileges:
What we are talking about here is to move to a high integrity process without knowing credentials or having the secure desktop launch. Read more “Windows 11 Privilege Escalation via UAC Bypass (GUI based)”
Strategy
People band strategy around like it’s some sort of mythical beast that requires no knowledge of the subject involved but is done by wizards and executives (it’s just done by people, but I digress) so I thought I’d talk about strategy development.
Now forewarning you might come out of this post thinking… there must be something else… something you are missing as Dan’s not showing any secret magic…. Often what is commonly lacking when looking at strategic execution is effective communication, consensus, and marathon like commitment to deliver on said goals and objectives. Why? Because that part is really, really, hard, if it wasn’t we’d all be sipping Bollinger in the Bahamas.
If your first thoughts are to run to Sun Tzu or grab an ISO27001 document then you should probably pause, grab a tea, and take a breath. In my experience cyber security is:
People often think that a framework, guide, or standard will give them the answers. Sure, they are often useful tools to help, hell the domain of cyber is broad as hell and there’s so much to do and often so little time, so job aides and not re-inventing the wheel is a good thing, that doesn’t however just mean that with documents you will be in a good position. Read more “Cyber Strategy Magic”
Defense
“And I looked and behold a pale horse: and his name that sat on him was Death, and Hell followed with him.”
Firstly, Kudos to @j0nh4t for finding this!
I woke up this morning to see twitter fun with a LPE discovered in the Razer driver installation. Basically, when you plug a Razer mouse into a Windows machine, it will download (via windows update) and execute a process as system which has user interaction. This interface includes an install path selector, with this a right click + SHIFT (LULZ) on whitespace will allow you to launch a command prompt/PowerShell window (as SYSTEM).
