Extortion and Ransomware – A lethal Combination

A Brief History of Ransomware

Ransomware is not that new, I remember back during the msblaster incident I said to a friend, it is a good job whoever wrote this worm was not evil because they would have simply encrypted or deleted all the data post infection. Hell, I can barely remember when that was, I think it was late 2003. Ransomware has been around since the 1980s but not quite in its modern form (it started with the AIDS malware scam). Fast forward to the mid 2000’s and criminals were using encryption but that wasn’t a norm and things only really started to take a bad turn around 2012/2013 with Cryptolocker. The next major global events were WannaCry, NotPetya and Badrabbit. Read more “Extortion and Ransomware – A lethal Combination” →

The case for hacking back

Weapons Free

Cyber warfare, it may sound like something out of a fictional book or science fiction film but in the modern digital age it is a reality. 24 hours a day around the world there are information wars occurring ranging from civilian domestic style events through to military operated campaigns. Read more “The case for hacking back” →

Everything must be agile but is that really always…

A lot of people talk about AGILE but the normally mean ‘agile’ however when it comes to security testing and penetration testing (to me there is most certainly a difference) we need to be mindful of the different approaches, so we select the right one for the context, scenario, and objectives.

In this post we take a brief look at what we recommend for a range of scenarios and we look at the key differences and what some constraints might mean when it comes to approach selection.

New Year , New You! Securing Active Directory

By default, a ‘domain user’ can read mostly everything in active directory. I’m not sure every sysadmin knows this as I often find passwords stored in the description filed (see the example screenshot, this was from a domain user with no third-party tools leveraged). Read more “New Year , New You! Securing Active Directory” →

Lack of HTTPS does not automatically mean that you…

An industry mainly filled with good people but too many sharks

It’s becoming more and more common, I see content posted online, I hear people in meetings (hell I’ve been invited into some ‘opportunities’) and the basic theme seems to be:

Fill your profile with as many buzzwords as possible
Try and make your organisation seems legit and have links to the police and security services
Call out crazy stuff like the lack of HTTPS as “TOTALLY COMPROMISED”
Ignore science
Post sales adverts under Security Services and Police posts to leach ‘authority’
Constantly use statistics to back up their position
Use social swarming (multiple people from the same company will rally around to defend/attack someone who questions the narrative)

mRr3b00t’s pentest 101 draft notebook

I love sharing content, ideas, thoughts, theories and hopefully some of the things i’ve picked up along my career so far! I imagine most people wouldn’t say I had a traditional approach to consulting and my content sharing approach is generally quite simmilar, so in a mad moment a week ago I decided to see if I could go through the Comptia Pentest+ course. Why did I decide to do this you ask! Well that’s a bit more complex…

Learn all the things!

Many of you will know I’m a massive fan of learning all the things, but also I’m a huge fan of sharing intel, knowledge and experiances because I know when you are starting in a field, the world can seem too big to know things! So to this end, I’ve put together a quick list of tools that I believe are required you have some knowledge of for the PenTest+.

Where possible links to tools and download locations have been provided. Clearly you can deploy a security testing distro such as Kali Linux, Parrot etc. buy you may want to simply install Ubunt or use Windows and WSL 2. Read more “Learn all the things!” →

Perimeter Security Vendor Hell – Unauthenticated RCE’s and other…

Disclaimer

If your can’t take an honest view on real challegnes we face you probably want to click the back button now!
The three laws of IT apply:

Software has bugs
Hardware breaks
Humans Make Mistakes

It doens’t mean however we shoulnd’t strive to do better! so now that’s out of the way here’s a fast blog on shit you should care about and patch (if you haven’t already!)

Also please note these are not ALL the vulnerabilities you should care about, just some choice ones that are enough to make you cry!

Introduction

“Don’t worry, we’ve got that behind a firewall or VPN!” is something I’ve heard a lot over the years, which to be honest is starting to look more and more worrying. Think that’s just me giving my opinion? Well think again, here we have collated SOME of the vulnerabilities in security products which if unpatched/mitigated really leave you. well quite insecure!

Try Hack Me – Part 6: Rise of the…

In this latest room (box) we take on Skynet! This box has a cool theme and was fun to play through.

https://tryhackme.com/room/skynet

This room starts to move away from the guided path and has far fewer flags, but it retains more than just a two-task approach to keep the person thinking about the types of vulnerability. I’m thinking it might be cool to ask defensive questions as well (something I might add into my room I’m building).

Well we don’t have time to waste, the machines might rise up and judgement day occur so let’s get pwning! Read more “Try Hack Me – Part 6: Rise of the Machines” →

Tech Tip: Simple Python3 HTTPS Server

Today’s tip is a quick post on how to create self signed HTTPS web services in python for when you need to transfer a file fast! Now in a live environment you are likely going to need to use a CA signed service such as LetsEncrypt etc. otherwise your clients will get a warning (or they will just click Accept and Continue etc. as most people do! However this is a quick post to show how to use Python3 to host http and https services for staging payloads etc.