Showing 61 results for: Tools ×

The Way of the Cryptologist

Right before DEF CON, a friend of mine reached out to me to ask if I would write a crypto challenge for his CTF. While it was a busy time for me, I didn't want to pass up the chance...

Custom Native Library Loader for Android

If you read my co-worker Neal Hindocha's recent post "Debugging Android Libraries using IDA" you notice he mentioned using a "custom library loader". We had used this on a recent mobile penetration test to have complete control over some home...

Securing Continuous Integration Services

Summary Over the last couple weeks, I've had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed "Attacking Cloud Services w/ Source Code" and was presented at both SOURCE Boston 2013 and...

Securing Continuous Integration Services

Summary Over the last couple weeks, I've had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed "Attacking Cloud Services w/ Source Code" and was presented at both SOURCE Boston 2013 and...

Introducing the Burp Notes Extension

As a Security Analyst I spend a significant amount of time working in tools like Burp Suite. On any given project I need to keep track of a large number of requests, responses, and various scan results. Conveniently, I can...

Mimicking Attackers: Building Malware for CCDC

This past weekend my fellow coworkers/friends and myself had the opportunity and the privilege to partake in Michigan State's Collegiate Cyber Defense Competition (CCDC). Specifically, we were asked to act as the 'Red Team', which essentially translates into making the...

Owning Windows Networks With Responder Part 2

One of the great things about working within SpiderLabs is that we prefer to use our own tools whenever possible. The biggest advantage to using your own toolset is lot more control over what's happening during the testing process; helping...

CryptOMG Walkthough - Challenge 2

For those of you that missed it last time, CryptOMG is a configurable CTF-style test bed that highlights flaws in cryptographic implementations. The application and installation instructions can be downloaded for free at the SpiderLabs Github. The challenge 1 walkthrough can be found here. The goal for the second challenge is to get the admin password. Unlike the first challenge, which told us there was probably a directory traversal flaw, this does not give us a very clear picture of the type of flaw we will be exploiting. After opening the application, we are presented with a login form and instructions telling us that we can login with guest/guest. Taking a closer look at the URL parameters, we have a "ReturnUrl" parameter with 32 hex characters, in this case 82803ac0ee614d894128649a2eb31f03.

Owning Windows Networks with Responder 1.7

A lot has been happening with Responder lately! Everything is still written in pure python for portability's sake, there's no need to install any third-party libraries. For starters, Responder is a passive credentials gathering tool. It listens for specific NBT-NS...

Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, a WiFi card and a GPS from my 12000mah Li-Ion battery pack for about 12 hours. What a great way to explore with out...

PCAP Files Are Great Arn't They??

One of the most important skills in anyone's armory responsible for looking after the security of a corporation's networks should be how to analyze network capture files (PCAP files) obtained from sniffers. Putting a sniffer on the network can not...

Introducing Responder-1.0

Responder is a multi threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name Resolution) and Netbios Name Service (NBT-NS) queries. This tool includes: - LLMNR poisoner. - NBT-NS poisoner. - Rogue SMB server with a NTLMv1/v2 hash graber. -...

Oops, I pwned your router - Part Two

In the last blog post, "Opps I pwned your router Part One", I talked about some of poor security that went into the basic embedded router operating systems. In this post I will flush out in more detail how one can go about reverse engineering these devices, what tools worked for me, and some of the results that I was able to get to. Hint: Having root on your hardware is good for me, bad for you.

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become the de facto standard for password cracking.However, as with anything technology related, the rules are slightly starting to show their age, specifically with rules designed to take into account years. So, I decided to take on the task of making a few modifications to the rule set, this includes updating them to take into account the current and prior year, but also reworking some of the rules to eliminate some redundancy.

Oracle DBMS_Scheduler Fun on Windows!

So, last time I showed how to get a Unix reverse shell up and running just by using Oracle PL/SQL commands making use of DBMS_Scheduler. My next challenge was to try and get a similar method to work on a...

Chat server fuzzing, Part 1. The Beginning

This article (along with subsequent articles) will cover the journey I've taken in learning about the XMPP (eXtensible Messaging and Presence Protocol) standard and how I used that knowledge to fuzz various servers, starting with the eJabberd server available from...