A recent information disclosure by Microsoft revealed there is a remote code execution vulneability in the SMB3 services (client and server). This vulnerability could be leveraged in a simmilar manner to MSBLASTER/NACHI/WannaCry etc.
This is a CRITICAL vulnerability, yet currently there are no reports of this being exploite in the wild (epect that the change in the near future)
Read more “KB4551762 (CVE-2020-0796)”
I have watched enough technology deployments occur over the last 20 years to have learnt a thing or two. One constant I find is the perception that deploying and technology in a business environment is ‘simple and easy’. However, history and experience teach us that this simply isn’t the case. Whilst working on a project recently I thought I would try and show this in terms of looking at foundational technology and security management capabilities regarding internet presence. In this post I’m going to outline a look at foundational capabilities for Domain Registrar, DNS and internet preens management. Read more “Internet Presence Technology and Security Management”
At the heart of most organisations are a Windows server active directory domain (or multiple of these), yet one of the most common findings when we review organisations security postures are there are significant weaknesses in their active directory deployments, both from an architectural, operational and security perspectives.
Active directory provides a range of functionality to organisations, from authentication, authorisation as well as supporting services such as printer and share listing, DNS, people/information lookups and integration for 3rd party services. It’s the very hub that links most modern networked systems together and now it’s expanded beyond the corporate walls into the cloud with integration into Azure Directory Services as part of Azure or Office 365.
Essentially Active Directory can be considered a castle whereby crown jewels are held! This may be in the form of credentials/identity or by nature of granting access to business systems that hold sensitive data (such as using AD integration to log into an HR or Finance system). Read more “Active Directory Security: Securing the crown jewels with PingCastle 2.8.0.0”
Welcome back to anther post on my Try Hack Me line of blogs!
I realised I missed one of the first steps on the OSCP learning path which is the room: Vulnversity, so I thought I’d circle back and take this one on.
Let’s start off with a PING (ICMP echo) to see if the box is online!
Ping 10.10.209.152 -c 3 Read more “Try Hack Me Review: Part 3 – Vulniversity”
For BSIDES Leeds 2020 we’ve pulled out the stops and created a new CTF game which features both offensive and defensive challenges. The arena includes a number of servers, so you will need to get your pivot on if you are going to breach the crown jewels!
We’ve teamed up with Sky Betting Group to create a CTF which includes both old and new technologies for BSIDES. It features traditional CTF puzzles alongside a PwnDefend norm, an arena network featuring Windows targets!
The games start in line with BSIDES Leeds, at 0900 on the 24th January 2020 the following url will light up with flags across the virtual globe on the Facebook ctf platform.
https://ctf.bsidesleedsctf.com
The challenges are designed for a range of skill levels and all are welcome, if you can use a web browser and know what the magic F12 button does you are in with a chance of getting a flag or two!
I’ll also be presenting with my good friend Mathew Haines on the rookie track at 1400 where we are going to talk about CTF’s and how people can get started (they aren’t just for those who prefer a hoodie!)
I want to give a big thanks to everyone who has helped! From the team at BSIDES Leeds (and the man Large Cardinal himself) through to Sky Betting Group’s Glenn Pegden for hosting the games platform and making some awesome games through to community members, Ben Bidmead (pry0c) from Navisec and Daniel Ward (
@ghostinthecable) who made a community vm challenge!
I create PwnDefend games and content to benefit the community and to help people and organisation better defend themselves so it’s great not only to have community support but also to be able to give back, it’s even better to be able to team up with the team from SBG to bring this to the community!
See you on the cyber battlefields!
for more info on the CTF please visit:
In large organisations these are really common, but I’ve found that in alot of medium and small organisations standard documents are sometimes missing artifacs. These help guide and steer procurement and operations. They assist an organisation in efficiency and ensure hardware can meet security requirements.
This document is a quick fire template I put together as an example starting point.
https://www.pwndefend.com/wp-content/uploads/2020/01/PC-Device-Standards.docx
Internet facing exposed RDP services with a weak securiy configuraiton are never a good idea. In our latest video Matthew Haynes and Daniel Card take a look at the RDP threat lanscape and then following up with a lab demo of a simple RDP brute force attack.
You can see the video here on our youtube channel! Remember to like and subscribe! Stay safe!
Active directory sits at the heart of most organisations and would be considered a crown jewel information system. Here we take a whirlwind tour of deploying and running Ping Castle, an active directory auditing and assessment tool.
Read more “Security Awareness Week – AD Audits using Ping Castle”
When a post starts like this:
“On May 14, Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. In our previous blog post on this topic we warned that the vulnerability is ‘wormable’, and that future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” – https://blogs.technet.microsoft.com/msrc/2019/05/30/a-reminder-to-update-your-systems-to-prevent-a-worm/
“Microsoft is confident that an exploit exists for this vulnerability” Read more “CVE-2019-0708 – BlueKeep”
‘Red Teaming’ the latest phrase in the cyber security world that brings a shudder down my spine! Now don’t get me wrong, adversary simulation is awesome, it’s a great tool and when wielded correctly brings massive value to enhancing your security posture… but alas, they aren’t always deployed in a business aligned and value driven position.
They sound ‘sexy’ and any pentester is going to jump at the chance to do one, let alone the sales and marketing teams will be grinning as they will come in with higher revenue but also will increase their case study portfolio for delivered red teams! (I’m not knocking this, it’s the reality of doing business).
Having witnessed a number of these take place against organizations who I don’t feel are ready for them, I thought I would write a piece on things I would recommend having in place before conducting a ‘red team’ assessment. Read more “Things to do before you conduct a ‘red team’ assessment”