Category General

Advice for people starting to pursue a career in Cyber Security

For many reasons, I frequently get asked for advice from people who are just starting to pursue a career in Cyber Security. I wanted to write this blog post to give advice and give back to the community I love so much. I think I have a somewhat unique perspective. I’ve been an employee (for […]

NYS DFS 23 NYCRR 500 – An Overview

New York State Department of Financial Services – 23 NYCRR 500 – ‘CyberSecurity Requirements for Financial Services Companies’ Overview: Yes, that title is a serious mouthful! In this post I want to give a quick overview of what this new law states and requires as it was just released today! Like most legal documents it can […]

Bypassing HSTS via Adobe CrossDomain.xml

Bypassing HSTS when Adobe crossdomain.xml is configured to be overly permissive. Synopsis Domains protected by HSTS which use an Adobe CrossDomain Policy (poorly configured) are vulnerable to the very attacks which HSTS is meant to protect against. The issue presents itself when the CrossDomain Policy allows access from domains without HSTS protections. The most damning configurations […]

Tool Release – webshot – Web and URL Screenshot tool

Synopsis: I’m releasing version 0.1 of a web screenshot tool I wrote to make recon of a target organizations web resources very fast and effective. Details: I chose to write a tool to perform this task after trying to find one that fit my needs but unfortunately the tools I found either didn’t fit exactly […]

Book Review: What Every Body Is Saying

Synopsis: No it’s not a typo, that’s the name of the book. If you’re a penetration tester or into social engineering you MUST read this book, however anyone and everyone will find this extremely entertaining and really enlightening. There was so much to this book, I can’t recommend it enough. Immediately the author really draws […]

Insider Rogue Certification Authority Attack

Overview The fundamental issue with SSL is that of trust.  Despite all the effort that has gone into a robust and cryptographically secure design for SSL, its foundation is still easily abused.  In this paper I will explain an often-overlooked area of SSL exploitation.  That is the ability for any certificate to act as a […]

Capturing The Derbycon CTF

My good friend Justin and I recently won the Derbycon Capture The Flag competition. A few people mentioned that they’d be interested to see a write up from us. It seemed that more people were interested in our methodology than anything else so I will discuss our strategy and tactics and if anyone is interested […]

Configure Callback Laptop Checklist

The point should be obvious. Deploy a stealthy box/laptop (linux based toaster?) at a target’s site. Have it call home on a ubiquitous/innocuous port, bypassing any firewall rules and voila you are inside the candy shell. Install Linux (depending on situation you might want FDE) install security tools (nmap, build-essential, nc, etc) vi /etc/default/acpi-support Disable […]

Win32 EICAR Creator

Source and Executable Here I had posted earlier about the EICAR virus. Threw together a simple prog to spit out the virus to any location for testing of antivirus programs. Usage: eicar.exe . Let me know if it comes in handy, I’ll show an example of some creative uses later.

Norton / Symantec Uninstall Password…. wtf?

So apparently if you want to uninstall Norton Antivirus and you get prompted for a password you can disable this as easily as you can change your background. All you need to do is flip the value of the following registry key from 1 to 0. HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\VPuninstallpassword This seems to beg the question… wtf? […]