I found a great writeup on modern NTLM relay attacks, which are now back in style thanks to a new vein of exploits such as PrintNightmare (CVE-2021-1675).
A security company named Praetorian just published an article on their methodologies when they get a new IoT device to analyze for security vulnerabilities. It walks you from the silicon to the code and everything in-between.
I just read on Twitter that No Starch Press (NSP) is going to be releasing a book on using the recently open-sourced NSA software reverse engineering (SRE) tool named Ghidra. This is their version of IDA Pro and, unlike IDA, it is open source and free. As of the time of this posting it is available for pre-order, and you can get the physical and eBook combo for a substantial discount. I just bought the combo pack and it looks like the eBook is already available in pdf, mobi and epub formats:
I found this image posted by the official RTL-SDR Twitter account. It gives a comparison of the noise experienced in different frequency ranges by various software defined radios (SDRs).
Pentester Academy announced on Twitter that they have a free CTF training environment. You need to log in using your Google account; however, they have a total of 25 challenges and you don’t need to VPN into their network: everything can be done with a web browser.
Order of the Overflow (OOO), which has run the CTF held at DEF CON since 2018, has most of their challenges on GitHub. It primarily includes their qualifier challenges from last year, but they also have a few of the challenges from the CTF held last year in Las Vegas.
Today on Twitter I found a really easy-to-follow walkthrough of how Kerberos works in Windows Active Directory networks. It walks you through each step of the authentication process, which machines are involved and what is happening under the hood. It’s a great read for anyone who wants to know more about how modern Windows authentication works.
Black Hills Information Security just published a great blog post for anyone interested in software defined radios (SDRs). It links to other tutorials the author found while working with a car key fob and describes how he used GNU Radio paired with a HackRF One to capture and replay the signal back to the receiver. This is a good read for anyone interested in working with SDRs.
BHIS Blog Post: http://bit.ly/3467czI
Update 20191226: In the latest updates for Windows 10 and Windows Server 2019 these steps are slightly different. You need to disable two local Group Policy settings. The first is labeled “Turn off smart multi-homed name resolution” and the second is “Turn off multicast name resolution”.
Many of you are probably already familiar with what Responder does. It takes advantage of protocols such as LLMNR to spoof responses to Windows auto proxy discovery. Black Hills Information Security has just published a blog post on how to disable LLMNR. This protocol has no security, is a broadcast layer 2 protocol and was designed to be used for DNS resolution when there is no DNS server in the network. Nice, right? It is also how Windows performs its proxy discovery since Windows Vista, and it can be spoofed from any node on the broadcast domain. This has been used by hackers to send the user to a proxy server they control to steal user credentials for websites such as online banking and also to exploit the browser itself.
BHIS Blog Post: http://bit.ly/2RHtBAZ
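The two Local Group Policy settings named in the update above take effect when set to Enabled, and what they actually write is a pair of DWORD values under the DNS Client policy key. The script below is an added example, not code from the BHIS post; it audits those two registry values on the local machine and applies them if they are missing or wrong, so you can confirm the LLMNR mitigation took hold (for example from a build script or a compliance check) rather than trusting the GPO editor. The policy key path and value names are the standard ones the Windows policy templates use; the function names are mine.

```powershell
# Added example: audit and apply the registry values behind
#   "Turn off multicast name resolution"          -> EnableMulticast = 0  (disables LLMNR)
#   "Turn off smart multi-homed name resolution"  -> DisableSmartNameResolution = 1
# Run from an elevated PowerShell; test on a lab host before rolling out.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

# Setting name -> value that corresponds to the GPO setting being Enabled.
$Desired = @{
    EnableMulticast            = 0
    DisableSmartNameResolution = 1
}

function Get-LlmnrPolicyState {
    # One object per setting: current registry value ($null if not set) and whether it matches.
    foreach ($name in $Desired.Keys) {
        $current = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting   = $name
            Current   = $current
            Desired   = $Desired[$name]
            Compliant = ($current -eq $Desired[$name])
        }
    }
}

function Set-LlmnrPolicyState {
    # Create the policy key if it does not exist yet, then write both DWORDs.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $PolicyKey -Name $name -PropertyType DWord `
            -Value $Desired[$name] -Force | Out-Null
    }
}

function Get-LlmnrListener {
    # LLMNR listens on UDP 5355; an empty result after a reboot is a second sign it is off.
    Get-NetUDPEndpoint -LocalPort 5355 -ErrorAction SilentlyContinue
}

# Usage: audit, remediate anything non-compliant, then audit again.
$before = Get-LlmnrPolicyState
$before | Format-Table -AutoSize
if ($before | Where-Object { -not $_.Compliant }) {
    Set-LlmnrPolicyState
    Get-LlmnrPolicyState | Format-Table -AutoSize
}
Get-LlmnrListener | Format-Table -AutoSize
```

Two caveats worth keeping in mind: a value written to this policy key is enforced over the GUI setting, so a later domain GPO that sets the same values will win without complaint, and the DNS Client service only picks up the change reliably after a reboot, which is why the UDP 5355 listener check is meaningful only after one.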