Hack the Box : Offshore

by Vince
in Blog
Hits: 426

From the Hack the Box website:  "What Are Pro Labs -- Interactive, hands-on, complex scenarios that give players the chance to penetrate enterprise infrastructure and hone their offensive engagement skills. Pick any of our Pro Labs, own it, and get your certificate of completion."

Read more

Abusing Trusts : SID Hijacking

by Vince
in Blog
Hits: 492

In a past life, I was part of an IT team who did the integrations for mergers & acquisitions.  When we would bring a new company into the fold, we would tie our domains together through Trusts.  Initially, we would just establish the Trust without moving any users into groups.  That's the position we have right here and we're going to abuse this relationship in order to pivot from the child domain to the parent domain.  

We need a couple of tools:  Mimikatz and PowerSploit:

Read more

Splunk Reverse Shell

by Vince
in Blog
Hits: 431

I've been MIA for a bit mostly because I've been preparing for, and speaking at, security conferences.  In April, I spoke at BSides Iowa and this past June, I spoke at BSides in San Antonio, Texas.  I'm still waiting to hear back from BSides Kansas City and I just got accepted to speak at Grrcon which is one of my favorite cons. I'm busy to say the least.  That being said, I'm working on a new talk which means I'll probably be blogging more.  It's counterintuitive but building a presentation is basically writing a blog post with less text.  Anyway, enough about that.  

Read more