Tag: guides

Guides

Hacking 101

Back in 2019 I started to make some materials to help people with some basic offensive security techniques. I made three episodes of training materials. Well, I’ve decided to re-release these; they haven’t really been changed, but I’ve updated a few graphics on episode 3 and removed a link to Cain and Abel because it’s no longer maintained. I will probably go through these at some point and refactor them.

I’ve got more documents on Active Directory security; I’ve actually written hundreds of pages on the subject, but the challenge I’ve had is that there is just so much to write, so I’ve decided I’m going to chunk it up into small blogs on a specific technique or area.

Read more “Hacking 101”
CTF

Try Hack Me: Part 5 – Game Zone

Getting my agent on!

Today we look at a vulnerable web application room based upon the Hitman series!

https://tryhackme.com/room/gamezone

This is a fun room where we see an old but still common vulnerability (unsafe handling of untrusted user input) lead to sensitive information disclosure (hashed credentials), which results in a threat actor gaining initial access. From there we discover a weak security configuration (ineffective network segmentation) and a vulnerable unpatched service. This chain leads to total system compromise. Read more “Try Hack Me: Part 5 – Game Zone”

CTF

Try Hack Me part 4: Alfred

To the bat cave and fetch me some tea!

Welcome back everyone! Today we are posting a walkthrough of the ALFRED room on TryHackThis!

https://tryhackme.com/room/alfred

This is a fun room; it’s got real-world technology deployed and the paths are exactly what you might find IRL! Attacking commonly deployed enterprise products is something that I really enjoy seeing on a learning platform and CTF, as I think this equips people for realistic scenarios from both an offensive and a defensive perspective! Right, so let’s hop to it! “Alfred, I need a laptop and some tea!” Read more “Try Hack Me part 4: Alfred”

Guides

Basic Package Management in Kali Linux

Apt this Apt that!

One thing that I found quite hard to deal with when I started using Linux coming from a Windows background was the package manager. I thought I would run through some basics here to give people a kick start on their journey!

In the Linux world, distributions maintain software repositories; think of these like the Windows Update catalogue, but covering far more. They hold both the operating-system components and the applications, all delivered as packages, and the package manager (apt on Kali) is how you install, update and remove them. Read more “Basic Package Management in Kali Linux”

Defense

Things to do before you conduct a ‘red team’ assessment

Introduction

‘Red Teaming’ is the latest phrase in the cyber security world that brings a shudder down my spine! Now don’t get me wrong, adversary simulation is awesome; it’s a great tool and, when wielded correctly, brings massive value to enhancing your security posture… but alas, it isn’t always deployed in a business-aligned, value-driven way.

They sound ‘sexy’ and any pentester is going to jump at the chance to do one, and the sales and marketing teams will be grinning too, as a red team brings in higher revenue and adds to their case-study portfolio of delivered engagements! (I’m not knocking this, it’s the reality of doing business.)

Having witnessed a number of these take place against organizations who I don’t feel are ready for them, I thought I would write a piece on things I would recommend having in place before conducting a ‘red team’ assessment. Read more “Things to do before you conduct a ‘red team’ assessment”

Defense

Defending Office 365 against MFA bypass using IMAP

So, you have deployed Office 365, you’ve set up multi-factor authentication and deployed password managers so that your users can safely use MFA where it is supported and fall back to app passwords where it’s not. Great stuff… except that by default you aren’t quite as secure as you would think!

Default Office365/Exchange Online Config

Now, MFA protects the HTTP-based (modern authentication) access methods, but email clients aren’t restricted to HTTP. When we investigate the default deployment configuration we see that IMAP and POP3 are both enabled. The below screenshot shows the default mailbox feature configuration:

As we know, IMAP and POP3 clients authenticate with a username and password (or an app password) only, so they do not support a second factor; with these protocols enabled, a stolen or phished password is enough to read a mailbox regardless of MFA. In the GUI you should disable both on every mailbox unless you have a really specific, documented business reason that means you MUST use them. Read more “Defending Office 365 against MFA bypass using IMAP”
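Clicking through the GUI per mailbox doesn’t scale and doesn’t catch mailboxes created later, so here is an added example (not from the original post) that does the same thing with Exchange Online PowerShell: inventory the mailboxes that still accept IMAP or POP3, switch both off, and change the CAS mailbox plan so new mailboxes don’t inherit the insecure default. It assumes the ExchangeOnlineManagement module is installed, the account has Exchange admin rights, and the allow-list address shown is a placeholder for whatever documented exception you actually have.

```powershell
# Added example, not the blog's own code. Assumes the ExchangeOnlineManagement module
# and an Exchange admin account. Try each Set-* call with -WhatIf before running for real.
Connect-ExchangeOnline

# 1. Inventory: which mailboxes can still be reached over IMAP or POP3 (and so bypass MFA)?
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object PrimarySmtpAddress, ImapEnabled, PopEnabled
$legacy | Format-Table -AutoSize

# 2. Remediate: disable both protocols per mailbox, skipping documented exceptions.
$allowList = @('legacy-scanner@example.com')   # assumed placeholder, replace or leave empty
foreach ($mbx in $legacy) {
    if ($allowList -contains [string]$mbx.PrimarySmtpAddress) { continue }
    Set-CASMailbox -Identity $mbx.PrimarySmtpAddress -ImapEnabled $false -PopEnabled $false
}

# 3. Fix the default: the CAS mailbox plan seeds the protocol settings of mailboxes
#    created from now on, so new users don't come back with IMAP/POP3 enabled.
Get-CASMailboxPlan -ResultSize Unlimited |
    Set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false

# 4. Verify: this should list only the allow-listed mailboxes.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object PrimarySmtpAddress, ImapEnabled, PopEnabled
```

Re-run step 4 on a schedule: a mailbox that reappears in that list is either a new exception somebody granted or a sign that the plan change didn’t apply, and both are worth knowing about.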

Guides

Owning the Covenant like a Chief! – C2 Framework Review

Covenant is a .NET C2 (Command & Control) framework that aims to highlight the attack surface of .NET and aid red teamers. Today I’m going to jump into slipspace with a Halo-themed blog on my first use of Covenant in the lab. Let’s hope I don’t need Cortana to get this deployed (yes, I’m a massive Halo nerd!).

Installation

First thing let’s head over to GitHub and check out the install notes:

The architecture seems to look like this:

Read more “Owning the Covenant like a Chief! – C2 Framework Review”

Defense

How to audit sensitive file changes using out of the box Windows Tools

Defending critical assets

In the wake of the British Airways breach I thought I would shed some light on a technique to help detect, alert on and respond to events that may affect critical business processes by modifying critical or sensitive files. We are going to start with a simple scenario using out-of-the-box tools.

Auditing Critical Files

Windows Server comes with a number of security features, including object access auditing. In this post we are going to take a brief look at enabling monitoring of sensitive data files. The example we are going to use is monitoring for changes to the web.config file used by .NET web applications (it holds connection strings, app settings and often credentials, which is exactly why an attacker might read or tamper with it).

To start with, on our example machine we need to enable the Audit Object Access policy, either via local policy or preferably Group Policy. Enabling the policy alone logs nothing: a file only generates events once it also carries a SACL (an audit entry in its security descriptor) naming the accounts and access types to record. It should also be noted that you need to think about log volume, collection and retention/rotation. Read more “How to audit sensitive file changes using out of the box Windows Tools”
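The two halves of that procedure (the policy and the SACL) plus the query you would run to see the results, as an added PowerShell example that is not the blog’s own code. It assumes a hypothetical web.config path, that the shell is elevated (setting a SACL needs SeSecurityPrivilege), and that it is acceptable to set the policy locally with auditpol for a lab; in production you would push the same subcategory via GPO. Auditing is limited to write-type access on purpose: auditing reads on a file the app pool opens constantly would drown the signal.

```powershell
# Added example, not the blog's own code. Run elevated. Path is an assumption.
$target = 'C:\inetpub\wwwroot\ExampleApp\web.config'   # assumed path

# 1. Policy: enable the "File System" subcategory of Object Access (lab: local; prod: GPO).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. SACL: audit the access types that change or remove the file, for any principal.
$acl    = Get-Acl -Path $target -Audit
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$rule   = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights,
    [System.Security.AccessControl.InheritanceFlags]::None,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $target -AclObject $acl

# 3. Detection: 4663 ("an attempt was made to access an object") is raised when an audited
#    access is exercised on a handle. Parse the event XML by field name rather than by
#    position so the query does not depend on the property order of a given Windows build.
function Get-ConfigChangeEvents {
    param([string]$Path, [int]$Max = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $Max -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
            if ($data['ObjectName'] -eq $Path) {
                [pscustomobject]@{
                    Time       = $_.TimeCreated
                    User       = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                    Process    = $data['ProcessName']
                    AccessMask = $data['AccessMask']
                }
            }
        }
}

# Make a change (e.g. edit the file in Notepad) and then list who touched it.
Get-ConfigChangeEvents -Path $target | Format-Table -AutoSize
```

Once the events appear locally, the next step is forwarding them (Windows Event Forwarding or your SIEM agent) and alerting on 4663 for that ObjectName from any process that isn’t your deployment tooling; a web.config modified by cmd.exe or powershell.exe under a service account is the kind of thing you want paged about.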

Guides

My OSCP Diary – Week 1

A long time ago in a more civilised age

I’ve been working in the technology industry for the last 17 years, planning, designing, building and operating solutions since I was able to access the internet. For the last 10 years I’ve been working as a consultant architect (across a number of domains), working with clients to understand their businesses, their technology needs, current deployments, gaps and road map, and to create solutions that enable their businesses; but you can’t do that if you introduce unnecessary and unwanted security risks to those businesses.

I’ve delivered services directly for and as part of a supply chain for a large range of organisation verticals from global media organisations, logistic firms, retail, telecommunications, media & entertainment through to local authorities, central government agencies, armed forces and the metropolitan police. Read more “My OSCP Diary – Week 1”