ERC.Net – A Toolset for Analyzing Windows Application Crashes
October 02, 2019, Andy Bowden, Consultant, Coalfire Labs
ERC.Net is a collection of tools designed to assist in analyzing and debugging Windows application crashes in order to identify potential security vulnerabilities. Supporting both 64- and 32-bit applications, ERC.Net has many use cases, including parsing Windows file headers, identifying compile-time flags such as ASLR, DEP and SafeSEH, generating non-repeating patterns and platform-specific egg hunters, detecting process information such as loaded modules and running threads, reading the TEB of a specific thread, and assisting in the identification of numerous types of memory vulnerabilities.
When Checking the Box Results in Two Zero Days and Root (CVE-2019-14257 and CVE-2019-14258)
August 21, 2019, Jakob Nelson, Associate, Coalfire Labs
Finding new bugs and exploiting them can be exciting and fun for a penetration tester. I was ecstatic to find my first two zero-days, and I used them to break a system from no access to root. This was a good day for me – but the story behind the story provides some real lessons enterprises can apply to their security programs.
Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel
June 19, 2019, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire
As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus (AV) bypass and detection avoidance is often trivial in all but the most mature environments, detections from AV have caused me to look toward custom tooling to mitigate the risk of being detected by both traditional AV as well as security operations teams relying on network indicators. Over the past year I’ve been slowly developing my own tooling to deal with these challenges.
Fuzzing: Common Tools and Techniques
June 04, 2019, Andy Bowden, Consultant, Coalfire Labs
Fuzzing is a software testing methodology that can be used from either a black or white box perspective and predominantly consists of providing deliberately malformed inputs to an application to identify errors such as unhandled exceptions, memory spikes, thread hangs, read access violations or buffer overruns that could lead to further compromise of a system.
pymetasploit3 – Metasploit Automation Library
May 20, 2019, Dan McInerney, Senior Security Consultant, Coalfire
Have a checklist of tasks you perform every penetration test, such as SSH bruteforcing or port mapping? Automate it with Python and Metasploit! Unfortunately, there hasn’t been a working, full-featured Python library for making these tasks easy for many years now. This changes today.