Author Archives: twrightson

NYS DFS 23 NYCRR 500 – An Overview

New York State Department of Financial Services – 23 NYCRR 500 – ‘CyberSecurity Requirements for Financial Services Companies’ Overview: Yes, that title is a serious mouthful! In this post I want to give a quick overview of what this new law states and requires as it was just released today! Like most legal documents it can […]

Bypassing HSTS via Adobe CrossDomain.xml

Bypassing HSTS when Adobe crossdomain.xml is configured to be overly permissive. Synopsis: Domains protected by HSTS which use an Adobe CrossDomain Policy (poorly configured) are vulnerable to the very attacks which HSTS is meant to protect against. The issue presents itself when the CrossDomain Policy allows access from domains without HSTS protections. The most damning configurations […]

Tool Release – webshot – Web and URL Screenshot tool

Synopsis: I’m releasing version 0.1 of a web screenshot tool I wrote to make recon of a target organization’s web resources very fast and effective. Details: I chose to write a tool to perform this task after trying to find one that fit my needs, but unfortunately the tools I found either didn’t fit exactly […]

Capturing Windows 2K and XP Credentials at logon using stub GINA DLL

I wrote this DLL years ago and spoke about it at Rochester BSides last year. I’ve been meaning to post this since then, but time tends to get away from me. Because Windows 2K and XP might not be around that much longer, I’m going to keep this post short and sweet. You can download […]

Book Review: What Every Body Is Saying

Synopsis: No, it’s not a typo, that’s the name of the book. If you’re a penetration tester or into social engineering you MUST read this book; however, anyone and everyone will find this extremely entertaining and really enlightening. There was so much to this book, I can’t recommend it enough. Immediately the author really draws […]

Social Engineering – Scraping Data from LinkedIn

Summary: A method and scripts to grab bulk data from LinkedIn profiles and format it, using Burp Suite, curl, grep and cut. In this case to create a username list for identifying emails and domain accounts. Foundation: I was performing a relatively unique task for a social engineering engagement for a client. Normally I’ll just receive […]

Book Review: Shoninki – The Secret Teachings of the Ninja

I recently finished reading “Shoninki: The Secret Teachings of the Ninja” by Master Natori Masazumi – “The 17th-Century manual on the Art of Concealment”. This book is an absolute must for anyone into hacking, penetration testing or any other form of offensive security. It’s a very short and quick read, only 140 ‘small’ pages of […]

Genesis – Generic Rootkit Dropper with SSL Support

Quick update to add SSL support to Genesis, my (very) generic rootkit dropper which you can download at http://leetsys.com/programs/genesis/genesis-ssl.zip. This allows us to download our rootkit over an encrypted tunnel. Genesis still uses the curl library; however, I chose not to compile it statically in this case. If you wanted to compile this statically you’d have […]

Insider Rogue Certification Authority Attack

Overview: The fundamental issue with SSL is that of trust. Despite all the effort that has gone into a robust and cryptographically secure design for SSL, its foundation is still easily abused. In this paper I will explain an often-overlooked area of SSL exploitation. That is the ability for any certificate to act as a […]

Capturing Windows 7 Credentials at Logon Using Custom Credential Provider

For the Eternally Impatient. The quick lowdown: I wrote a DLL capable of logging the credentials entered at logon for Windows Vista, 7 and future versions which you can download at https://github.com/tdubs/credential-provider. The credentials are logged to a file located at c:\cplog.txt. Simply copy the DLL to the system32 directory and run the included register.reg […]