Update 20191226: In the latest updates for Windows 10 and Windows Server 2019 these steps are slightly different. You need to disable two local GPOs policies. The first is labeled as “Turn off smart multi-homed name resolution” and the second is “Turn off multicast name resolution”.
Many of you are probably already familiar with what Responder does. It takes advantages of protocols such as LLMNR to spoof responses to Windows auto proxy discovery. Black Hills Information Security has just published a blog post on how to disable LLMNR. This protocol has no security, is a broadcast layer 2 protocol and was designed to be used for DNS resolution when there is no DNS server in the network. Nice right? It is also how Windows performs it’s proxy discovery since Windows Vista and it can be spoofed from any node on the broadcast domain. This has been used by hackers to send the user to a proxy server they control to steal user credentials for websites such as online banking and also exploit the browser itself.
Black Hills Information Security just published an article with a lot of living off the land techniques for pentesting and red teaming. Turns out there is a lot you can do on modern day Windows systems such as decode Base64 data using “certutil.exe” and writing data to the clipboard using “clip.exe”.
I ran across this awesome article discussing different ways you can disable and/or bypass the execution policy in PowerShell. Turns out they found 15 of them! This is critical when you are performing penetration tests and using techniques such as “living off the land”.
If you haven’t changed your IoT devices credentials from their defaults, you should! This botnet is using default credentials to take over the IoT device and corrupts the embedded Linux operating system by overwriting it’s storage, dropping the firewall, etc. To get it back up and running you will need to re-flash the firmware in most of the cases.
Someone posted this video on one of the Slack workspaces that I’m on. It was really informative on the techniques used and where the current state of the art quantum computers currently are. The good news is current quantum computers don’t have enough quantum memory to break large primes, however I wonder if there’s such a thing as Moore’s Law for quantum computing in which case the Internet will be in big trouble in just a few years.
I found this tutorial on using recon-ng, which is a tool used for pentesters for gathing open source intelligence (OSINT) about an individual or a company. It features a Metasploit-like interface and has the ability to crawl social networks, Google, WHOIS databases, etc to collect information about a company, it’s employees, it’s domains, etc.