S3 Buckets for Good and Evil

Amazon’s S3 buckets have been a hot topic lately and are worth taking a look at from both a red and blue perspective. Just last week, poor S3 bucket access control management led to Verizon exposing approximately 14 million customer records, including customer service PINs. Just before that, a GOP analytics firm exposed 198…

Kraken: Web Interface Survey Tool

Introduction BLUF: Kraken is a web interface survey tool for offensive and defensive purposes that will screenshot and catalog web interfaces found through scanning. It can be found on my Github, which includes a wiki with detailed setup and usage information. Evaluating web interfaces during a penetration test is, arguably, the biggest pain point…

Creeping on Users with WMI Events: Introducing PowerLurk

Introduction and Intent Since watching FireEye FLARE’s ‘WhyMI So Sexy?’ at Derbycon last September, I have wanted to better understand WMI Events and apply them to offensive security operations. I saw the potential, but my comprehension was lacking and a comprehensive offensive WMI toolset did not exist. I was recently taken to school on WMI…

Getting Started: Powershell Empire

I decided to take some screenshots of Powershell Empire today while performing payload analysis. Below is a quick, down and dirty, walkthrough to get you going with Powershell Empire. Keep in mind I have only looked at the slideshow at this point. I really like the idea of using these instead of Meterpreter due to…

Metasploit ActiveRecord Error

Today, during a pentest, I encountered the following error when running the Psexec Metasploit module with local account credentials: "Exploit failed: ActiveRecord::RecordInvalid Validation failed: Value can’t be blank". I was a little thrown off by this as I have never experienced it before. It is a Ruby error referring to an empty smbdomain field. Although the field is…

Powerview Caught By Symantec Endpoint Protection

It has finally happened, Matt Graeber’s Powerview Powershell cmdlet was caught by Symantec Endpoint Protection (SEP) during a pentest this week. The cmdlet is SID 29038 in Symantec’s attack signature database. Scenario: During testing I used the following one-liner to download and import the powerview.ps1 script and then execute Invoke-FindLocalAdminAccess from a general user’s desktop: powershell…

Manually Brute Forcing Against Form Tokens.

Last week I ran into a situation where I needed to manually brute force a webapp login form that used form tokens to request authentication. Our client wanted to see how far we could get in a black box scenario. The unauthenticated portion of the webapp was nothing more than a typical login page complete with…