This challenge has two phases. The first one involves creative thinking and research. The second one is live malware and reversing. Instructions and hints are built in. Rules and things you’ll need: 1. You need an isolated environment with a Windows Vista/7/10 VM guest, and a snapshot. On the VM, Read more…
Google and others have been working on implementing DNS over HTTPS. https://tools.ietf.org/id/draft-hoffman-dns-over-https-00.html This allows bypass of things like RPZ, DNS blackholes, and other protections. All the more reason to start thinking about SSL inspection. The right to privacy is understandable, but protecting users, assets, and data is more important. This Read more…
Struts vulnerable ISOs. https://pentesterlab.com/exercises/s2-045 https://struts.apache.org/docs/s2-045.html – CVE-2017-5638 https://pentesterlab.com/exercises/s2-052 https://struts.apache.org/docs/s2-052.html – CVE-2017-9805 Pentesterlab has over 20 free labs where you can learn some techniques used for some pretty big vulns that happened over the past few years. Pro version is 20 bucks a month. Good to see someone doing this again. Read more…
MISP is free and it’s one of the best threat sharing platforms I could find. The beauty of MISP is how easy it is to integrate with tools like bro, Snort, and RPZ. You can do API calls and pull in only the data that you want to either alert Read more…
I’ve been comparing SSL decryption services and devices, and Zscaler is much more than that. It’s an all-in-one Content Filtering, SSL decrypting, DLP, Bandwidth controlling(quota), IPS, Malware preventing(including sandbox) awesome cloud based solution. AND, It works with mobile devices even if they’re roaming! The solution consists of GRE tunnels out Read more…
Here’s how to install the CA certificate on multiple platforms for MITM. For Linux you have to import certificates into individual browsers. For Firefox, go to edit/preferences/advanced/certificates/view and import the cert under authorities. Check the box for “Identifies Websites.” For Chrome, click settings, search for cert, and open ‘Manage Certificates.’ Read more…
Here’s how to generate custom certs and perform a MITM + SSL decryption with bettercap or Squid. MITM with Bettercap. Create a private key, CSR, and Certificate. openssl genrsa -out mitm.key 2048 openssl req -new -key mitm.key -out mitm.csr openssl x509 -req -days 3652 -in mitm.csr -signkey mitm.key -out mitm.crt Read more…
Attacker: 172.16.1.10 Victim: 172.16.1.20 Router: 172.16.1.1 Arpspoof method: First enable forwarding on the attacking system. echo ‘1’ > /proc/sys/net/ipv4/ip_forward Poison the ARP table of the router to tell it that you are the victim. arpspoof -i eth0 172.16.1.20 172.16.1.1 Poison the ARP table of the victim to tell it that Read more…
Here’s a pfSense setup with a HE tunnel, routed /64 on the inside, and a subnetted out /112 for the VPN. Inside users have dual stack and can surf v4 or v6. Outside users VPN in, and receive an IPv4 and v6 virtual IP. Once in they can route out Read more…
Here’s how to configure a pfSense firewall to be a VPN client so IPv4 traffic always traverses the VPN. Build a VM at a cloud provider and configure it as an OpenVPN server. Using a self signed CA, cert, and TLS auth. For pfSense, take the following steps. Cat your Read more…