Kali 2020.1 Update

Moar Dragon!

2020 has only just started in action and already we have an update to Kali! The new build, 2020.1 brings in another big round of changes which include things like changing the username and password cobo and cool stuff like NOT running as root by default for all those who love a KALI daily driver! 😛

This post is aimed at beginners, if you’re an experienced user you probably have already installed by now, so go secure stuff by sending all the pews. For the rest of you, let’s get the ISO downloaded and get cracking (maybe literally!)

We’ve also made a video to accompany this post (the video is a gui encrypted LVM install): Watch it here!

Downloading Kali

You can get Kali through HTTP or using torrents from the following link:

https://www.kali.org/downloads/ Read more “Kali 2020.1 Update”

Get your dark knight on to create a brighter…

Capturing all the flags

For BSIDES Leeds 2020 we’ve pulled out the stops and created a new CTF game which features both offensive and defensive challenges. The arena includes a number of servers, so you will need to get your pivot on if you are going to breach the crown jewels!

We’ve teamed up with Sky Betting Group to create a CTF which includes both old and new technologies for BSIDES. It features traditional CTF puzzles alongside a PwnDefend norm, an arena network featuring Windows targets!

The games start in line with BSIDES Leeds, at 0900 on the 24th January 2020 the following url will light up with flags across the virtual globe on the Facebook ctf platform.

https://ctf.bsidesleedsctf.com

The challenges are designed for a range of skill levels and all are welcome, if you can use a web browser and know what the magic F12 button does you are in with a chance of getting a flag or two!

I’ll also be presenting with my good friend Mathew Haines on the rookie track at 1400 where we are going to talk about CTF’s and how people can get started (they aren’t just for those who prefer a hoodie!)

I want to give a big thanks to everyone who has helped! From the team at BSIDES Leeds (and the man Large Cardinal himself) through to Sky Betting Group’s Glenn Pegden for hosting the games platform and making some awesome games through to community members, Ben Bidmead (pry0c) from Navisec and Daniel Ward (
@ghostinthecable) who made a community vm challenge!

I create PwnDefend games and content to benefit the community and to help people and organisation better defend themselves so it’s great not only to have community support but also to be able to give back, it’s even better to be able to team up with the team from SBG to bring this to the community!

See you on the cyber battlefields!

for more info on the CTF please visit:

https://www.bsidesleedsctf.com/

Things to do before you conduct a ‘red team’…

Introduction

‘Red Teaming’ the latest phrase in the cyber security world that brings a shudder down my spine! Now don’t get me wrong, adversary simulation is awesome, it’s a great tool and when wielded correctly brings massive value to enhancing your security posture… but alas, they aren’t always deployed in a business aligned and value driven position.

They sound ‘sexy’ and any pentester is going to jump at the chance to do one, let alone the sales and marketing teams will be grinning as they will come in with higher revenue but also will increase their case study portfolio for delivered red teams! (I’m not knocking this, it’s the reality of doing business).

Having witnessed a number of these take place against organizations who I don’t feel are ready for them, I thought I would write a piece on things I would recommend having in place before conducting a ‘red team’ assessment. Read more “Things to do before you conduct a ‘red team’ assessment”

Pentester Academy Attack Defense Labs – Web Application: Broken…

Introduction

Those who know me know that I not only practise offensive security techniques from a business perspective, I also play in a CTF team and build PwnDefend CTF challenges. I came up with the idea of doing a red and blue team CTF sometime in 2018 however this isn’t as easy to build and run as you would think. Anyway, I digress… as part of my research and personal development I like to test out other platforms and pwn a few things so I thought I’d do a quick write up of the Pentester Academy Attack Defense labs Web Application Broken Authentication challenge. Spoiler alert.. I spoil this one (but it’s easy so don’t cry too hard!) Read more “Pentester Academy Attack Defense Labs – Web Application: Broken Authentication”

Defending Office 365 against MFA bypass using IMAP

So, you have deployed Office 365, you’ve setup multi-factor authentication and deployed password managers so that your users can safely use MFA where it is supported but fall back to app passwords where it’s not. Great stuff… except by default you aren’t quite as secure as you would think!

Default Office365/Exchange Online Config

Now this is great for HTTP based communication methods. but email isn’t restricted to HTTP only. When we investigate the default deployment configuration we see that IMAP and POP3 are both enabled. The below screenshot shows the default mailbox feature configuration:

Now as we know, both IMAP and POP3 do not support a second or multi-factor authentication by default, so in the GUI you should disable those (unless you have a really specific business reason that means you MUST use these) Read more “Defending Office 365 against MFA bypass using IMAP”

Owning the Covenant like a Chief! – C2 Framework…

Covenant is a .NET c2 (Command & Control) Framework that aims to highlight the attack surface of .NET and aid red teamers! Today I’m going to jump into slip space with a Halo themed blog on my first use of Covenant in the lab. Let’s hope I don’t need Cortana to get this deployed (yes I’m a massive Halo nerd!)

Installation

First thing let’s head over to GitHub and check out the install notes:

The architecture seems to look like this:

Read more “Owning the Covenant like a Chief! – C2 Framework Review”

Using Open Source Intelligence in cool and scary ways

OSINT all the things!

I was on Twitter the other day (when am I not? 😉) and a post caught me eye, an industry friend’s post caught my eye, challenging the audience to identify their location (specifically which station they are at!), this I thought might be a cool challenge. The first post below is from Paul (Gaming Works) which gives a limited amount of information and a nice image:

Read more “Using Open Source Intelligence in cool and scary ways”

Happy Bugmass 2019! Critical vulnerability patched

We wish you a merry patchmass!

Well with the year winding down you’ve probably seen that Microsoft just released an out of band security patch:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653

CVE-2018-8653 is described as:

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

Read more “Happy Bugmass 2019! Critical vulnerability patched”

Copyright (c) Xservus Limited