Authenticated Remote Code Execution Methods in Windows
Posted by scriptjunkie in /dev/urandom, Defense on February 3, 2013
All of the below are supported ways of remotely executing code that are built-in to Windows. If psexec isn’t working since a service is not running or ports are blocked, you can try all these other options; defenders who want to detect intruders moving through the network need to detect all of these; incident responders might want to look for evidence of these…
Running Code From A Non-Elevated Account At Any Time
Posted by scriptjunkie in /dev/urandom on January 2, 2013
You may have found yourself in a situation where you have access to a system through a limited user account, or could not or did not want to bypass UAC (AlwaysOn setting for example) and you needed to continue running code even when the account logged off and/or the system rebooted (and even if you […]
Attack Test
Posted by scriptjunkie in /dev/urandom, Defense on December 23, 2012
Well, the Mayan Apocalypse came and went, and since we’re all still here, it’s time to get back to computer security. It shouldn’t be a surprise that the most likely way you’ll get exploited is through your browser, so you should routinely check for vulnerabilities there. I was inspired by some of the free browser […]
Hoarder, HIPS bypasses, and Ambush
Posted by scriptjunkie in Defense on October 1, 2012
I gave an updated Ambush Presentation at Derbycon today… On the attack side, I demonstrated Hoarder, which is a proof of concept to bypass standard hook-based host intrusion prevention systems by avoiding making any calls to OS DLLs at all, and only making raw syscalls to the kernel. It works in two steps. First, the getdlls program opens the target executable and recursively reads it and all of its required DLLs into C language byte arrays.
Vulnerable systems setup
Posted by scriptjunkie in /dev/urandom, Vulnerabilities on September 19, 2012
I frequently get asked how to set up a test lab to practice hacking on… So I looked through some release timelines and oldversion.com postings to figure out which versions of your favorite browser, plugins, and PDF reader would be installed if you had up-to-date versions of each on January 1st of the past three years, and where you can get them from. Enjoy.
Ambush – A New Capability for Advanced Defense
Posted by scriptjunkie in Defense on July 29, 2012
At BSides Las Vegas, I just released Ambush, an open-source Host Intrusion Prevention System that I have been developing for the past few months. See my talk at http://www.youtube.com/watch?v=kzgBcSHQDAs for the full motivation, description, and demonstration. In summary, after all of my offensive research, Ambush is my effort to arm the defense. I wrote Ambush […]
Malicious VM to Host Attacks
Posted by scriptjunkie in Exploits, Vulnerabilities on May 6, 2012
In The Hacker Games, a hostile VM is used as the target. It employs a few counterattacks among the included CTF-style challenges, so if you don’t want any spoilers, don’t keep reading!
The Hacker Games
Posted by scriptjunkie in Exploits, webapps on April 4, 2012
Welcome, welcome! The time has come to select one courageous young hacker for the honor of representing District 12 in the 74th annual Hacker Games! And congratulations, for you have been selected as tribute! … Depending on your skill level, you could pwn (or be pwned) in just a few minutes or in a few hours. So hack it before it hacks you …