Will customers ever really care about their Data Security?

Last week Neira Jones tweeted:

3/4 Of Customers Would Reconsider Using A Company In The Event Of A Data Breach https://t.co/A4EnoB4UTw #databreach #infosec
— Neira Jones (@neirajones) November 24, 2015

To which I responded:

@neirajones I believe customers will grow weary of companies' security failures and robust security will become a major selling point.
— Stuart Winter-Tear (@StegoPax) November 24, 2015

Quentyn Taylor made this observation in response:

@StegoPax @neirajones however whilst consumers *say* they will move they rarely do. Look at Target, Sony, the banks.
— Quentyn Taylor (@quentynblog) November 24, 2015

I countered with:

@quentynblog Also I think Read More

Powershell Remote Access Trojan – PoshRat

I’ve been going through @nikhil_mitt‘s 5-part blog series on Powershell Shells. It’s beautifully and meticulously laid out and covers:

Day 1 – Interactive PowerShell shells over TCP
Day 2 – Interactive PowerShell shells over UDP
Day 3 – Interactive PowerShell shells over HTTP/HTTPS
Day 4 – Interactive PowerShell shells with WMI
Day 5 – Interactive PowerShell shells over ICMP and DNS

Nikhil is the author of the offensive security Powershell tools Nishang and Kautilya, and his blog post series is ideal if you want to roll up your sleeves and play with these tools manually, Read More

A Few Good Infosec Blog Post Links

Below are some links posted over the last few days by my Infosec Blogs Twitter account that I found particularly interesting:

Missing Context Is The Greatest Cybersecurity Threat To Every Company In The World – By @S_Clarke22
Well, That Escalated Quickly.. Common Windows Privilege Escalation Vectors – By @icanhazshell
Appropriate Covert Channels – By @armitagehacker
Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync – By @PyroTek3
Exploiting JBoss with Empire and PowerShell – By @424f424f
Introducing WMIOps – By @christruncer
Lifehack: Treat your passwords as delicately as you treat your underwear – By @e_kaspersky
I’m sorry, but your email address is not as valuable as you think it Read More

The Pentest is dead, long live the Pentest!

A great lament for the death of conventional Penetration Testing went up to the cyber heavens yesterday:

Penetration testing is, to all intents and purposes, dead. It has been killed by an industry driven by profit, and end customers not driven by quality but by cost. The demands for metrics, for compliance, for the quantification and qualification of risk, have not only sounded its death knell but abused its corpse. Like a pack of jackals, providers suck the last of the marrow before they are inevitably replaced by an automated set of tools placed into the hands of functional testers. Read More

Powershell Tools for IT Security Operations

In truth I simply needed a place to store and sort all of the Powershell tools I find, and thought it might be of use for others:

PowerShell Empire – Pure PowerShell post-exploitation agent. Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.

Powertools – A collection of PowerShell projects with a focus on offensive operations. This contains both PowerUp (tool to assist with Read More

Now that’s what I call a Hacker

I have to blog this, it’s hilarious and genius. Here’s an excerpt:

xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown… If something – anything – requires more than 90 seconds of his time, he writes a script to automate that.
xxx: So we’re sitting here, looking through his, uhm, “legacy”
xxx: You’re gonna love this
[….]
xxx: kumar-asshole.sh – scans the inbox for emails from “Kumar” (a DBA at our clients). Looks Read More

The war on terror hijacked for the war on privacy

I’m always wary when politicians use highly unusual and (thankfully) statistically rare and tragic events to promote change in society. As you can imagine this means my ‘wary senses’ are tingled often, especially after an incident such as the recent Paris attacks. I don’t consider myself a great champion of privacy; in fact, I view it as a relatively recent notion, especially when considering historical societal and familial structures. And to be honest, I am more concerned with my data in the hands of unaccountable corporate behemoths, than with government. Having said that, it gets me down that every single tragic, violent, unusual, act of terrorism, Read More

A Few Good Infosec Blog Links

Below are some links posted over the last few days by my Infosec Blogs Twitter account that I found particularly interesting:

The First Official Da’esh DARKNET Bulletin Board Has Arrived – By @krypt3ia
Daesh Darknet: Under The Hood – By @krypt3ia
How Attackers Use Kerberos Silver Tickets to Exploit Systems – By @PyroTek3
dnscat2: now with crypto! – By @iagox86
13th escar Europe conference | Embedded Security in Cars – By @Enno_Insinuator
Investigating Subversive PowerShell Profiles – By @mattifestation
Abusing Active Directory Permissions with PowerView – By @harmj0y

Tool agnostic fundamentals for Red Team operations

It was so tempting to call this post “Moving beyond Meterpreter”, as the video below, entitled Flying a Cylon Raider, features Raphael Mudge talking about taking our knowledge of Meterpreter and mapping this to new tools. Quite coincidentally – and before this talk was published – I asked Raphael the following:

@armitagehacker I've been going thru comparing Tradecraft 2013 to 2015. With all the new Powershell developments do we need Metasploit?
— Stuart Winter-Tear (@StegoPax) November 13, 2015

Raphael responded today with these salient Tweets:

@StegoPax my $.02: red team ops/adv. sims are not pen testing. These activities really require focused toolsets. Those Read More

Criminals increasingly using social media as command-and-control (C2)

A paper entitled C&C-AS-A-SERVICE: ABUSING THIRD-PARTY WEB SERVICES AS C&C CHANNELS caught my attention yesterday. It looks at the growth in criminals leveraging popular web services for Command & Control (C2). The web services cited are:

Google Docs, Twitter, Facebook, Microsoft Technet, YouTube, VKontakte, Jaiku, Tumblr, Google+, Yahoo Mail, Gmail, Google Talk, MSN Messenger, Skype, Google Calendar

So, quite a few options for the criminal, as you can see.

Why do criminals use third-party web services for C2?

One benefit for the criminal in utilising this strategy is that traffic to these websites looks legitimate, is often encrypted (HTTPS) and will blend in with legitimate use Read More