May 24, 2018

Author: Simon Gurney

Getting really low :: Backdooring an EXE

So recently I started my OSCE and part of it is backdooring an executable and doing some other things.  There are loads  of guides on the interwebz that basically just regurgitate the course content verbatim and claim it as their own.  I won’t provide links but trust me, they are out there.  These sites / blogs […]

How secure is IEEE802.1x?

I’m a huge fan of deploying “dot1x”.  With very little configuration (a Windows NPS server, a little group policy and some access switch commands) you can authenticate every device that connects to your network.  Unlike MAC based security, dot1x ensures that your devices must be successfully authenticated by a centralised RADIUS server before they are […]

My first Exploit-DB Post!!

Recently I’ve started to get interested in bug hunting to further my understanding of all sorts of programming languages and I highly recommend it! Today I decided to turn my attention to the Netman 204 card by Riello which is a small network management card which provides the ability to monitor Riello UPS products and […]

Bug Hunting – PHP

I’ve been doing a bit of bug hunting recently (with varying degrees of success) and really wanted to write this article just so I have a little cheat sheet to go back to!  I’ll keep updating it and adding bits as I find more. When I scoured the internet I came across a few “examples” […]

Using PowerSploit to inject MSFVenom shellcode

This article will discuss how we can use the rather brilliant PowerSploit project, coupled with MSFVenom, to inject a staged Meterpreter reverse HTTPS shell into a running process.  This script can then be Base64 encoded and used in a USB HID attack or a macro malware document and I will write the relevant guides for […]

PowerShell :: Base64 to string

Completing the numerous something to Base64 and back again scripts is this little one liner to get a string back from a Base64 encoded string.  This is often useful when doing offensive security as it allows you to store a script in Base64 then iex the decoded string.  iex being an awesome PowerShell command […]

USB HID – Teensyduino keyboard LED feedback

After doing a bit of Google-Fu I managed to work out how to read the state of the simulated keyboard LEDs for the Teensyduino.  It turns out you read a single value with the predefined variable keyboard_leds which when converted to binary shows the state of each LED in the least significant bits.  The what?  Let’s […]

USB HID – what to do when cmd and run are disabled

All the articles I can find on the internet for the USB HID attack vector revolve around using one of two initial shell access methods.  These are: Windows key + R (open a run prompt); Windows key, type “CMD”, press ENTER (open a command window).  Anyone who has worked in enterprise IT in the […]

USB HID attack – A zero to hero guide

I’ve had a Teensy USB 3.2 Arduino board for around a year now with the intention of playing with some USB HID attacks and creating this blog has finally motivated me to do it.  Hurrah for the blog.  If you haven’t heard or seen anything about USB HID attacks they are a pretty neat little attack […]

Mubix – Attacker Ghost Stories

This is a great video with some novel out-the-box methods for defending the modern enterprise.  I just had to share it as to date it’s got just over a thousand views and it’s actually got some really good, original content.  It’s hosted on YouTube so I have embedded it below.  Watch, learn and apply and […]