I needed something new in my life, so I decided to take my favorite dog out for a walk in the ATT&CK jungle to check out the newly added sub-techniques…
Continue reading “Back from the ATT&CK jungle…”
Bold Statements
Lately, we came across a remote code execution in a Tomcat web service by utilizing Expression Language. The vulnerable POST body field expected a number. When sending ${1+2} instead, the web site included a Java error message about a failed conversion to java.lang.Long from java.lang.String with value "3".
From that error message we learned a couple of things:
String
Whenever you are able to execute code within a Java Context, the most interesting part is to check whether we can get a Runtime object and execute arbitrary OS commands.
Sending ${Runtime.getRuntime()} resolves to java.lang.Runtime@de30bb. Great, so we can use Runtime.exec(String cmd) to execute arbitrary code?
Continue reading “DNS exfiltration case study”
Some time ago I had the pleasure to speak at the BASTA! Autumn 2019 conference. There, I promised to publish my slides such that they can be used as a reference for developers and security guys like me. And with this blog post I would like to live up to my promise.
Continue reading “BASTA! Autumn 2019 – Security in DevOps”
Hi there,
SadProcessor here, happy to be back on the Insinuator to share with you some of my latest BloodHound adventures and experiments…
TL;DR Well too bad for you…
Continue reading “Blue Hands On Bloodhound”
This is meant to be the first part of a 3-part series discussing the space & types of IP addresses, with a particular focus on what has changed between IPv4 and IPv6. In this first post I’ll take the audience through a historical tour of some developments within the IPv4 address space.
Continue reading “A Brief History of the IPv4 Address Space”
This post by Jeff (@jeffmakes) was delayed due to interferences with other projects but nevertheless, enjoy!
This year, it was my great honour to design the hardware for the Troopers19 badge.
We wanted to make a wifi-connected MicroPython-powered badge; something that would be fun to take home and hack on. It was a nice opportunity to use a microcontroller platform that I hadn’t tried before. I also used the project as a chance to finally migrate my PCB workflow from Eagle to Kicad. Inevitably it was a painful transition, which resulted in quite some delay to the project as I floundered around in the new tool, but it does mean the design files are in an open format which I hope will benefit the community of Troopers attendees and future badge designers!
Continue reading “Troopers 19 – Badge Hardware”
The next major release of DirectoryRanger is now available for customers, and for everyone who would like to try it ;-). Current attacks show that quite often the topic of Active Directory Security is not on the security agenda, but it should be, and this was the reason for us to build the tool and, of course, to maintain and improve it. So what are the major new features released with DirectoryRanger 1.5.0? Here we go:
Continue reading “DirectoryRanger 1.5.0 Is Available”
Sadly, TROOPERS 19 is already over. I had great fun meeting all of you, helping you with your badge problems and seeing others hacking on their badges for example to get custom images on there.
With this year’s badge we wanted to give you something you can reuse after the conference, learn new things and build something on your own.
As promised in our talk Jeff and I would like to give you a short introduction into the badge internals. Along with this post we will release the source code for the badge firmware, the provisioning server and the schematics for the PCB.
Continue reading “Troopers 19 – Hack your badge”
Back from Holidays, you started the year well motivated to make the world a safer place.
However, sitting at your desk today you realize nothing really changed since last year, and you are surfing the web, feeling a bit blue, trying to avoid that pile of emails waiting for you and wondering how you could gain some visibility on your domain in order to better defend it.
No worries, emails can wait a bit longer. All you need is some fresh air and something cool to keep your defensive mind motivated for the year, and I might have just what you need; so put on your shoes and let me take you on a 15 minute Cypher walk with a cool blue dog…
Continue reading “2019 – Year Of The Blue Dog…”
With version 1.1.0 our tool DirectoryRanger introduces a new feature: informational audit checks. These checks do not have a severity rating because they are just “for your information” and the included information might or might not contain security issues, depending on other facts. But these checks can help to reduce your Active Directory attack surface by pointing you to some aspects which need your attention and at least require to be discussed and documented (and they might also imply governance measures like a risk acceptance).
Continue reading “DirectoryRanger 1.1.0 Introduces Informational Audit Checks”