Abusing SeImpersonatePrivilege

by Vince
in Blog
Hits: 330

SeImpersonatePrivilege is one of those rights that I've yet to see used in the real world. 

Per the screenshot below:  'When you assign the "Impersonate a client after authentication" user right to a user, you permit programs that run on behalf of that user to impersonate a client.'  

Read more

Socat Reverse Shell Relay

by Vince
in Blog
Hits: 1270

From the man pages:  "Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them."  Think of Socat as another tool like Netcat, Chisel, or anything else that can do port forwarding and such.  Where Socat comes in handy is when we've pivoted into an environment and we want to funnel traffic back out.  For this post, let's say we want to catch a reverse shell but we're one or two segments deep.

Read more

Exploiting MacOS

by Vince
in Blog
Hits: 560

I have a friend that is a huge Mac nerd and about a year ago, he was talking about Mac OS being secure.  Full disclosure, I have a MacBook Pro and a Mac Mini -- I like the platform.  But I took his comments as a challenge, jumped on Ebay, and I bought a Mac Mini for exploitation. 

Under the hood, a Mac is a Linux operating system and like most Linux flavors, there are variations between them.  Let's be honest, at some point, a Mac Remote Code Execution (RCE) vulnerability will materialize and having Tactics, Techniques, and Procedures, for the Mac platform will not hurt me.  And that's basically what this is all about.

Read more