Splunk Reverse Shell

by Vince

I've been MIA for a bit, mostly because I've been preparing for, and speaking at, security conferences. In April, I spoke at BSides Iowa and this past June, I spoke at BSides in San Antonio, Texas. I'm still waiting to hear back from BSides Kansas City and I just got accepted to speak at GrrCON, which is one of my favorite cons. I'm busy, to say the least. That being said, I'm working on a new talk, which means I'll probably be blogging more. It's counterintuitive, but building a presentation is basically writing a blog post with less text. Anyway, enough about that.


Danger Cloud

by Vince

The benefits of cloud are amazing and I think that is fairly common knowledge at this point, but there are also some associated dangers. I think first and foremost, the most dangerous aspect of cloud is the simplicity with which resources can be stood up. Let's say you need 10TB of storage quickly. Gone are the days of ordering a physical server, or even server software, and with a few mouse clicks, you have an endless amount of storage. It is so simple that regular users create and manage resources.

Somewhere along the way, those managing said storage containers misunderstood the term "public" on S3 buckets. That led to private data being exposed on the Internet and a number of talks were given on the subject. For a time, S3 buckets had big, bold text stating the status of the buckets. Those days have passed and I think most buckets are properly configured, but the problems don't end with S3.


Gone Phishing

by Vince

As of April of this year, "Macros from the internet will be blocked by default in Office". The impact remains to be seen. I'm on the fence as to what will happen because, having spent many years as an administrator, I can only imagine the furious users who are unable to view legitimate documents.

I've been a penetration tester for 10 years. It goes without saying that I've used macros as an attack vector. Will this stop me from phishing? No. It's not the specific technique that moves my position, it's the concept. I'm going to send an email to a user, I'm going to get the user to do something they shouldn't, and I'm going to achieve my goal. The specifics will always adapt to the current environment.
