Danger Cloud

by Vince
in Blog
Hits: 332

The benefits of cloud are amazing and I think that is fairly common knowledge at this point but there are also some associated dangers.  I think first and foremost, the most dangerous aspect of cloud is the simplicity in which resources can be stood up.  Let's say you need 10TB of storage quickly.  Gone are the days of ordering a physical server, or even server software, and with a few mouse clicks, you have an endless amount of storage.  It is so simple that regular users create and manage resources. 

Somewhere along the way, those managing said storage containers misunderstood the term "public" on S3 buckets.  That lead to private data being exposed on the Internet and a number of talks were given on the subject.  For a time, S3 buckets had big, bold, text stating the status of the buckets.  Those days have passed and I think most buckets are properly configured but the problems don't end with S3.

Read more

Gone Phishing

by Vince
in Blog
Hits: 278

As of April of this year, " Macros from the internet will be blocked by default in Office ".  The impact remains to be seen.  I'm on the fence as to what will happen because having spent many years as an administrator, I can only imagine the furious users who are unable to view legitimate documents.

I've been a penetration tester for 10 years.  It goes without saying that I've used macros as an attack vector.  Will this stop me from phishing?  No.  It's not the specific technique that moves my position, it's the concept.  I'm going to send an email to a user, I'm going to get the user to do something they shouldn't, and I'm going to achieve my goal.  The specifics will always adapt to the current environment.  

Read more

Dumping Lsass

by Vince
in Blog
Hits: 259

I gave a talk recently at BSides Iowa and now that my talk is finished I wanted to get back to blogging.  There were a number of topics in my talk and a number of them have yet to be written about.  One of those topics is about the recent changes in Lsass.  Basically, Microsoft has restricted our ability to use Mimikatz to dump Lsass. 

What is Lsass? 

Local Security Authority Subsystem Service (Lsass.exe) is the process on an Active Directory domain controller. It's responsible for providing Active Directory database lookups, authentication, and replication.

To summarize that into something meaningful, Lsass contains usernames, passwords, and hashes. 

Read more