This year’s SANS Holiday Hack challenge, called KringleCon, is now LIVE!
I found this video on Reddit today and it does a really good job at explaining what XXE is and how it can be abused.
Black Hills Information Security (BHIS) just did a webcast on the top utilities they used during penetration testing this year. Here’s a rundown of all the tools they discussed. A recording of the webcast can be found here: http://bit.ly/2rLqlpM
* ADExplorer – Microsoft utility that is digitally signed by Microsoft and written by SysInternals. Has the ability to run over the web.
* PowerOPS – Goes directly to C#, bypassing PowerShell, and includes Mimikatz, DLLInjection, etc.
* Powerline – Utilizes System.Management.Automation.dll to call into PowerShell within C#. Allows you to invoke PowerShell scripts through the DLL.
* CredKing – Password spray using the cloud to come from random IPs of another cloud provider. Useful for attacking O365.
* MailSniper – Email collection program that has the ability to do keyword searches. Written by BHIS.
* Evilginx – Awesome phishing site cloning utility.
* Domain Hunter – This Python-based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use.
* Domain Gain – Helps with finding and registering categorized domains so that you can assume the categorization of the domain. This is very useful for bypassing web-proxy filters and evading other network detections.
* OSfuscate – Modifies your TCP/IP stack to emulate another device.
KringleCon looks like it may kick off this weekend. Last year it kicked off on a Thursday and ran through Saturday. I modified the dates of the event to match what I’m expecting. Stay tuned and RSVP here!
Yes, you heard that right. Chrome (and Chromium) as well as Opera (and some other browsers that are built off Chromium) all use SQLite to track data such as cookies, and it’s REMOTELY exploitable. So be sure to upgrade to the latest version if you are using any of the browsers mentioned in the article linked below.
Adobe finally released a patch that will address the vulnerability mentioned in this post:
Ed Skoudis just released a YouTube video discussing the upcoming SANS Holiday Hack Challenge dubbed KringleCon! Please make sure you register in advance.
On Tuesday, December 11th, Microsoft released several patches for critical vulnerabilities that allow privilege escalation and remote code execution.
Additionally, there is a vulnerability in their DNS Server that affects Windows 2012R2 and higher.
I found this article by SANS on using the GNU Debugger (gdb) to trigger random functions in malware to discover hidden functionality.