Showing 119 results for: Penetration Testing ×

Corporate Passwords Part 1

With the vast amount of research and content that was done by SpiderLabs for the Global Security Report, it made it impractical to include all of the content that was written for this year's password study. But instead of letting...

Welcome to the Spider’s Lair

"Will you step into my parlor?" said the spider to the fly; "'Tis the prettiest little parlor that ever you did spy. The way into my parlor is up a winding stair, And I have many pretty things to show...

The Problem With Networks .....

Where do I start with this open-ended statement? I guess from a pen testing perspective, quite a lot. Internal pen test results tend to open up a can of worms for a company. There you are, managing your network, covering...

Sometimes, The PenTest Gods Shine On You

Settling down for a hacking session usually means lots of hard work and a long grind towards target data. You've got to juggle a large stack of systems and testing constraints, all while learning about the environment from the ground...

5 ways to protect your E-Commerce site

The Trustwave Spiderlabs team frequently responds to E-commerce data breaches. The number of website breaches that we are working continues to rise. There are a handful of reasons for this rise. We are approaching saturation in the "brick and mortar"...

Introducing the Burp Notes Extension

As a Security Analyst I spend a significant amount of time working in tools like Burp Suite. On any given project I need to keep track of a large number of requests, responses, and various scan results. Conveniently, I can...

Cracking IKE Mission:Improbable (Part 2)

A couple of weeks ago I posted Part 1 of Cracking IKE, detailing some useful techniques when cracking Aggressive Mode PSK hashes. In that post we saw that a hash is not always 'crackable' and additional steps are required in...

Cracking IKE Mission:Improbable (Part 1)

All too often during pen tests I still find VPN endpoints configured to allow insecure Aggressive Mode handshakes. Fortunately, gaining access to the internal network as a result of this vulnerability remains a fairly complex task. Hopefully this series of...

OS Image Wrangling

On most PenTests, alot of research goes into the things you find along the way. You find obscure software and other setups that can be a goldmine if you spend the time to do some research. On a recent test,...

CryptOMG Walkthough - Challenge 2

For those of you that missed it last time, CryptOMG is a configurable CTF-style test bed that highlights flaws in cryptographic implementations. The application and installation instructions can be downloaded for free at the SpiderLabs Github. The challenge 1 walkthrough can be found here. The goal for the second challenge is to get the admin password. Unlike the first challenge, which told us there was probably a directory traversal flaw, this does not give us a very clear picture of the type of flaw we will be exploiting. After opening the application, we are presented with a login form and instructions telling us that we can login with guest/guest. Taking a closer look at the URL parameters, we have a "ReturnUrl" parameter with 32 hex characters, in this case 82803ac0ee614d894128649a2eb31f03.

Defeating AES without a PhD

"Cryptography is typically bypassed, not penetrated." – Adi Shamir FAITH IN THE ARCANE When I tell a developer that I broke their cryptosystem, there's usually a pregnant pause in the conversation where they take it in, like a young child...

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've had the makings of a career consultant - different client each week, different city, different nature of work. It's been a long...

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and Security B-Sides Seattle. The combination of some of those talks succeeded in keeping some persistent issues alive in the hopes of finding a solution....

PCAP Files Are Great Arn't They??

One of the most important skills in anyone's armory responsible for looking after the security of a corporation's networks should be how to analyze network capture files (PCAP files) obtained from sniffers. Putting a sniffer on the network can not...

You down with LNK?

Oftentimes on an Internal pen test, I find myself with a limited-privilege domain user account. On a recent test, I got ahold of an account like this through various means of hackery. It didn't have local admin anywhere, it wasn't...