Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Education

The Long Game: Persistent Hash Theft

CVE-2023-23397 enables a threat actor to send a calendar invite whereby the properties of the msg file can include a path for the reminder sound file. This is achieved by setting:

Read more “The Long Game: Persistent Hash Theft” →
Guides

Practical Security Assurance

Penetration testing, adversary simulation, red teaming, purple teaming, rainbow teaming, call if what you like, the security outcome we are working towards is:

  • Improved Security Posture
  • Assurance of security investments and controls
  • Enablement of information sharing
  • Collaboration and Understanding
  • Identification of strengths and weaknesses
  • Optimization and Improvement Opportunities

This is to support the organisations mission, vision, goals, and objectives. Cyber security is to support and enable the organisation’s capability to execute digital services in a safe manner.

Read more “Practical Security Assurance” →
Graphical user interface, text Description automatically generated Education

When running Nessus is a good thing!

Oh that’s “just a Nessus scan” or that’s not a real pen test etc. is something that if you are in the infosec/cyber world for a few minutes you will probably hear.

It’s honestly a bit odd, some sort of way of diminishing something because a tool was used, which doesn’t really make a whole lot of sense given most activity involves using something that already exists (sure there are fields and scenarios where this isn’t true but I’m generalising).

So why are we as an industry obsessed with tools and obsessed with berating people for using them? It’s all rather odd.

It perhaps ties in with this Cyber Myth about penetration testing being the tool that’s good and useful in every scenario… I hate to break it to people, but it’s not the principles of security and it certainly isn’t the best/most appropriate “tool” in every scenario. Read more “When running Nessus is a good thing!” →

Education

Common Windows Services

Exploitation of common windows services is an important area of knowledge for both offense and defence.

  • Server Message Block (SMB)
  • Remote Desktop Protocol (RDP)
  • Windows Management Instrumentation (WMI)
  • Windows Remote Management (WinRM)
  • File Transfer Protocol (FTP)

Other common technology platforms in the Windows Stack Include

  • Active Directory Domain Services (ADDS)
  • Active Directory Certificate Services (ADCS)
  • Internet Information Services (IIS)
  • Microsoft SQL Server (MSSQL)

For now I’m just going to look at a few of the common protocols and vectors.

Read more “Common Windows Services” →
Guides

SMB (Server Message Block) Protocol Basics

SMB in a CLI world

If you are new or like me forget the bazzilion command syntaxes in the world, the use of the man command will be super helpful as well as google foo! To help people on their way here are some example of basic SMB tools, these come with kali.

SMB Ports

SMB typically operated on TCP 445

Nmap Example

Read more “SMB (Server Message Block) Protocol Basics” →
Threat Intel

Learn to SOC: Java Webshell via confluence

When running honeypots you never have to wait too long for something to drop!

This moring we had a new hit in the pot, so I decided to invesigate but also to blog and show how we could go about investigating the logs and paylods etc.

Read more “Learn to SOC: Java Webshell via confluence” →
Guides

Wireguard Client for Linux on KALI

So as always there are a million things in tech and well it’s rare that someone knows EVERYTHING.  I must connect to a Wireguard VPN from a KALI VM. Should be simple, well actually it was a bit more complicated as I had two errors along the way!

Kali Wireguard
Read more “Wireguard Client for Linux on KALI” →
Guides

mRr3b00ts Pentest Plus Study Notebook

I created a PDF notebook a while ago when I decided on a whim to to the Pentest+. I have quite a few people ask me about getting into cyber security and well, you know when I was younger this stuff was just called IT mainly (IT + Infosec) so I thought let’s go test out the Pentest+. I did the course and exam in a week (whilst writing the notebook) (don’t think that’s a good idea but my objectives were more to make sure if I think it’s any good or not). Pleased to say I thought the course was good (I used pluralsight at 1.x speed) and the exam was fun (for an exam).

Hopefully this helps people explore the some of the world of offensive security and appsec. Read more “mRr3b00ts Pentest Plus Study Notebook” →

CTF

Abusing AdminSDHolder to enable a Domain Backdoor

If we have high privilege access to a domain, we will likely want to establish persistence with high privilege access. One mechanism to do this is to assign ourselves permissions to the adminSDHolder object in active directory:

Graphical user interface, application

Description automatically generated

Here we have the default adminSDHolder permissions. We are going to add our user “low” in here with modify or full control permissions: Read more “Abusing AdminSDHolder to enable a Domain Backdoor” →

CTF

How to Identify Hashes

Some hashes are obvious but even then, it’s a good job to check. There are a few ways to check a hash outside of manual validation.

Using the Hashcat example list:

https://hashcat.net/wiki/doku.php?id=example_hashes

Graphical user interface, text, application, email

Description automatically generated

Using hash-identifier:

https://github.com/blackploit/hash-identifier

Using cyberchef Analyse hash:

https://gchq.github.io/CyberChef/#recipe=Analyse_hash()

Background pattern

Description automatically generated with low confidence

Using hash-id:

https://github.com/psypanda/hashID

Using HashTag:

https://github.com/SmeegeSec/HashTag

As you can see there are range of tools available to you, and remember if you want to keep the hashes to yourself you can download Cyberchef and run it locally!

Posts navigation

1 2

Recent Posts

  • Protective DNS (PDNS) by NCSC UK adds UK schools
  • Cisco IOS XE Incident Update
  • No one is responsible for your OWN Cyber Defences other than you! 
  • The Manual Version 2.0
  • Cyber Security for PC Gamers

Recent Comments

  1. The Week in Ransomware – May 26th 2023 – Cities Under Attack - Shackle Media on The Manual Version 2.0
  2. The Week in Ransomware – May 26th 2023 – Cities Under Attack – Source: www.bleepingcomputer.com - CISO2CISO.COM & CYBER SECURITY GROUP on The Manual Version 2.0
  3. The Week in Ransomware - Might twenty sixth 2023 - Computer Depot | Best & Reliable Computer Repair - O'Fallon on The Manual Version 2.0
  4. The Week in Ransomware - Could twenty sixth 2023 - Anedejo on The Manual Version 2.0
  5. The Week in Ransomware - May 26th 2023 - Tech World4uu on The Manual Version 2.0

Archives

  • November 2023
  • October 2023
  • August 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited