Resources
Article

Reversing & Exploiting with Free Tools: Part 8

In part 7, we solved ABO2 in GHIDRA. In this part, we’ll use IDA FREE to solve ABO3. As is the case with all of the ABOS, the goal is to run the calculator or some other executable that we want. First, open ABO3 in IDA FREE to analyze it. Searching for the PDB in the symbol server could produce the...
Penetration Testing
Datasheet

Offensive Security - Advanced Bundle

Core Impact and Cobalt Strike represent two distinct, yet complementary approaches to security assessment. Core Impact is an automated pen testing tool that focuses on initial access and security validation, while Cobalt Strike specializes in advanced post-exploitation techniques for red team operations. In additional to functioning independently, security teams can benefit from both platform...
Penetration Testing
Red Team
role-design-access-security
Blog

Role-Based Access Control: Why It Delivers a Modern Approach for Managing Access

Wed, 04/07/2021
Relying on outdated methods to manage user access is both a constant struggle and a persistent risk to your business. Manually keeping track of users and entitlements is costly, time-consuming, and daunting. But with a modern role-based approach, you can embrace a smarter, simpler, more secure way to manage user access. In this blog, we will define role-based access control (RBAC), explore why it...
IGA
Article

How to Deal with Microsoft Monthly Updates to Reverse Engineer Binary Patches

The new format of Microsoft monthly updates have proven challenging to reverse engineer. We’ve figured out a workaround that we hope will be helpful. In the original format, the Microsoft updates have always included the full files to patch, and from there it’s relatively straightforward to work on reversing and diffing through only extracting, without installing the patch. Sometimes the patch...
Penetration Testing
Penetration Testing Frequency: How Often Should You Test?
Blog

Penetration Testing Frequency: How Often Should You Test?

Wed, 03/31/2021
Penetration testing has become an increasingly standard exercise, with organizations using either pen testing services or in-house teams to uncover weaknesses and assess their security posture. Many businesses want to stay proactive about securing their IT environment and find that pen testing helps them stay compliant and prove adherence to regulations or industry best practices. According to the...
Penetration Testing
Article

Core Impact 2017 versus Metasploit: the Shootout Comparison

Core Impact 2017 R1 and Metasploit Pro are tools used to create multi-staged, real-world attacks to test enterprise security defenses. Organizations need improved visibility into the the holes in their enterprise network defenses. Pen Testing tools allow an organization to evaluate their ability to detect, prevent, and respond to attacks using multi-staged, real-world attacks. Both Core Impact...
Penetration Testing
3 Reasons You Should Be Using SIEM
Blog

3 Reasons You Should Be Using SIEM

By Bob Erdman on Wed, 03/24/2021
Security Information and Event Management (SIEM) solutions have been around for years, helping to identify and escalate critical security events. SIEM solutions have become integral to many organizations’ security portfolios. In fact, according to the 2021 SIEM Report by Cybersecurity Insiders, 74 percent of respondents ranked SIEM as very to extremely important to their organization’s security...
SIEM
Article

Understanding the Evolution of Ransomware

Ransomware, as an active variant of current malware, has undoubtedly undergone a series of changes that have allowed cyber criminals to expand the horizons of clandestine business. In order to try to understand the different "forms" ransomware has presented over time, this article will show the evolutionary line of this latent threat in a compact and concrete way. Ultimately, it aims to...
Penetration Testing
2021 predictions
Video

Prioritizing Pen Testing: 2021 Survey Results Revealed

Tue, 03/16/2021
The global chaos of last year was also seen in the digital world, as cyber attackers were seemingly relentless in their efforts. Such activity underscores the importance of penetration testing to assess and test security vulnerabilities, which allow you to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Though pen tests continue to become a required part...
Penetration Testing
Blog

How to Pen Test Against Orphaned and Privileged Accounts

Mon, 03/15/2021
The more pen-tests I do, the more I see that despite how every organization claims that they’re different, I see the same commonalities with how things are being managed inside the network. One of those commonalities that I see tends to vastly improve my odds of persistence and avoiding detection: how an organization handles orphaned accounts and service accounts. Let’s talk about a little theory...
Article

Simple DNS Redirectors for Cobalt Strike

Authored by: Ernesto Alvarez, Senior Security Consultant, Security Consulting Services This article describes techniques used for creating UDP redirectors for protecting Cobalt Strike team servers. This is one of the recommended mechanisms for hiding Cobalt Strike team servers and involves adding different points which a Beacon can contact for instructions when using the HTTP channel. Unlike HTTP...
Performance gears
Video

The Evolution of SIEM: 2021 Survey Results Revealed

Tue, 03/09/2021
The commotion and upheaval of 2020 still has everyone seeking steadier ground, and security teams are no exception. But with seemingly relentless attacks and increasingly complex threats, is such stability just a pipe dream? Can well established safeguards like Security Information and Event Management (SIEM) solutions still be relied upon? In this webinar, cybersecurity experts Bob Erdman and...
SIEM
Article

Exploiting Citrix Application Delivery Controller (ADC) and Gateway CVE-2019-19781 with Core Impact

A Core Impact module was released on January 14, 2020 to exploit an as-yet unpatched patch traversal flaw in Citrix Application Delivery Controller (ADC) and Gateway (formerly known as NetScaler ADC & NetScaler Gateway) identified as CVE-2019-19781.This critical vulnerability is a path traversal bug that can be exploited over the internet by an attacker. It can be exploited to remotely execute...
Penetration Testing
Article

Advanced Pen-Testing Tricks: Building a Lure to Collect High Value Credentials

Here’s the scenario: You’ve compromised a system but it hasn’t been logged into recently by an administrator, so you’re quite disappointed by your Mimikatz results. You’ve got local system credentials but nothing that’s on the domain except the machine account. Your mission: do something with the system that will attract the attention of someone with administrator credentials and make them log...
Penetration Testing
Article

How to Pen-Test Around the Password

What if I told you that in most networks these days, you don’t have to bother with cracking the passwords? With most networks with Active Directory, you can use the stored hash obtained via Mimikatz or a WPAD attack to authenticate. How, you may ask? It’s because of the wondrous bit of mis-engineering that is the Windows NT Login Challenge and Response. I’m going to dive into this a bit, so that...
Penetration Testing
Article

Identifying iDevices on your network using Core Impact, and where to go from there...

Oftentimes after using Network Information Gathering, we are still left with a number of devices that may reflect an "Unknown" OS. With the saturation of these devices in the market today, there is a good chance there may be some located on your network. By identifying these devices we can also potentially expand our attack surface and gain other useful information. So, where do we start? We may...
Penetration Testing
Article

Building Custom Modules for Core Impact, Part 1 of n-1

In this installment, we’ll start diving into the anatomy of an Impact module where you'll get the opportunity to absorb some of the features and implications before we dive into building something real and useful. In the course of conducting penetration tests, we often come across password hashes of various types. We can sometimes use these without cracking them, but, it is often useful and...
Article

Building Custom Modules for Core Impact, Part 3 of n-1

In our last installment, I gave you a final hunk of code with several function calls and decided to let you stew for a week before revealing what was going on under the hood. Well, you’ve stewed for a week, so let’s review. while DoneWithCrack == False: if not self.getTasks(str(self.getHashCatPath()).split("\\")[-1]): DoneWithCrack=True if os.path.exists(outputFile): f...
Article

Building Custom Modules for Core Impact, Part 2 of n-1

Last week, we discussed exactly what we’ll be building and got some of the boilerplate done along the way. I’m sure that you dug into the modules that I strongly hinted that you take a look at for inspiration. To review, this module will need to: Know where the Hashcat executable lives Know what hashes we want cracked Know the minimum password length to brute force Know the maximum password...
Article

The BIOS-Embedded Anti-Theft Persistent Agent that Couldn't: Handling the Ostrich Defense

Alfredo Ortega and Anibal Sacco presented their findings in Absolute Software’s Computrace “persistent agent” as part of their ongoing research on BIOS rootkits at Black Hat USA 2009. Before I dig into some technicalities of the findings of Alfredo and Anibal, let me dispel any doubts about the disclosure process that we followed. The vendor was made aware of the report and upcoming presentation...