Room362

Blatherings of a security addict

BlackHat USA 2016

Once again, @egyp7 and I will be teaching both our Metasploit Basics course as well as the Mastery Course.

Metasploit Minute

Metasploit Minute Season 6 is on the air! I know we have been away for a long while. The first episode is posted https://www.patreon.com/posts/5083466 each Monday a link will be posted on the Patreon site, or if you find RSS feeds easier, you can find it over at http://metasploitminute.com

Another Blogging Platform

Yes yes yes, I know, another platform, but guess what, it’s my blog, so ne-ner-ne-ner-ne-ner Hugo removed what I didn’t like about Octopress (the generating / pushing of content using a mix of branches and such) The reason I moved from Blogger was I just can’t stand having to log in and be online to make posts. I love things like MarsEdit for doing offline posts to services like Blogger, but I never could get the formatting right when I was done, especiall for code, so I’m back to a markdown based system.

2016 Shmoocon Hiring List

Created the 2016 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: http://goo.gl/forms/pbYI0TZ9dG (One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have vs waiting on anyone, I don’t change the list order for anyone.) Direct Link to Google Doc: https://docs.google.com/spreadsheets/d/15xqphPVEnH7o2urovHWjJiS1VCjdAqcPNB_HS0yRexU/

Reverse Proxying Attacker Tools

Ever want to have all of your C2 go to the same box, have the functionality of Meterpreter, and Empire, while making it so if anyone goes to the actual site of your C2 all they get is something like Google? Nginx makes that possible, and instead of making a blog post that will disappear, I’ll point you at my combo in my “Attacker Knowledge Base” site: https://attackerkb.com/Combinations/ReverseProxyAttackTools and instead,

Back to Blogger

I’ve had my fare share of “trying new things” after SquareSpace. I tried Ghost, Octopress, Wordpress, and about 30 others in between. All the blogging platforms I tried had some major issues that I didn’t like. I’m sure at some point I’ll write about them but this post is mostly just to announce I finally have given up the fight for finding the perfect blogging platform and I’m just going to blog on Blogger from now on.

pfSense without Internets

A while back I needed to set up a pfSense box for CTF/example stuff that didn’t and wouldn’t ever have Internet connectivity. Doesn’t seem like much of a task right? Just pop it in and go. Problem is that you loose the use of the packages that help make pfSense so awesome. Once I figured it out at that time, I made a Forum post so that anyone running into the same issue wouldn’t have to struggle as much: https://forum.pfsense.org/index.php?topic=55504.0 Most things never disappear from the Internet but I was looking for an old forum post I had bookmarked regarding some persistence methods that I noticed was no longer there since the forum owner had gotten rid of the forum as too much hassle.

2015 ShmooCon Hiring

It’s often tough from both hiring and job hunters to find one another at conferences. I think this is mostly because of a couple things. No one wants to stand at a both on either side and talk job stuff in front of a bunch of people and people at booths rarely get the chance to get away. It’s hard to know “who” to talk to. So I created a very simple Google doc to help put twitter handles and links together for people who are job hunting and people who are hiring to kinda get to know who to talk to.

Powershell Popups + Capture

Metasploit Minute has entered into it’s 3rd “season”. And we kick it off with using the Metasploit capture modules to capture creds from this powershell popup. The cool thing about this is you can leave it to execute on a system without any other code on disk and get creds constantly as any level of user. No admin, no UAC bypass needed. Just a bunch of creds for free.. over SSL.

Full Disclosure - SingleClick Connect

Update: I originally posted this to the Full Disclosure mailing list but for some reason it wasn’t accepted via the moderator so I’m posting it here. First, so that the information does get out there, and second to see if anyone knows why it may have been rejected. I was helping out a family member with their computer when it came up that they “already had remote help software” (SingleClickConnect or SCC), when I asked what this was, the family member said it was installed by Dell Support when trying to fix their issue.