Kerberos AD Attacks - Kerberoasting

Recently I've been trying to make sure that my red team knowledge is up to date, exploring many of the advancements in Active Directory Kerberos attacks... and there have been quite a few! I finally found some free time this week to roll up my sleeves and dig into the internals of some of these attacks, and hopefully document them for other people to learn from. This post is the first in a series aimed at explaining what is happening under the hood when you execute your favourite Powerview or Mimikat...

ExplodingCan - A vulnerability review

A few months ago, my colleagues over at Secarma released a review of ExplodingCan, one of the many exploits released as part of the ShadowBrokers dump. At the time I was asked to complete a review of the vulnerability, specifically how this affected a vulnerable server and if anything could be done to protect users...

Analysis of APT28 hospitality malware (Part 2)

In the first part of this malware review, we looked at the VBA code used by APT28 to drop a DLL onto the victim's machine as part of their recently highlighted hospitality campaign. In this post, we will look at the dropped file, understand just what it does, and how we can analyse it using IDA Pro. So we know from the first post that we have a DLL, which is...

Analysis of APT28 hospitality malware

This week, FireEye published a writeup of yet another APT28 campaign, this time targeting the hospitality sector. I'm always interested to see the latest APT group techniques, so I decided to review the malware to see how the dropper worked...

How GitHub login detection banner works

Sometimes I come across things non-security related that intrigue me, albeit mostly I'm thinking how I can use it to exploit a service, but still... One such piece of functionality caught my interest, a banner displayed at the top of GitHub. I was thinking of the different ways that this type of functionality could be achieved. We have seen similar methods of detection exploited in the past to leak out information, although much more targeted at cross-origin detection (such as Social Media F...