To [Hell] Shell and Back
October 27, 2016, Justin Berry, Security Consultant, Coalfire Labs
My initial thought was it has to be the firewall keeping my reverse shell from getting out of their environment. So, leveraging the command execution vulnerability, I started testing outbound internet access from the vulnerable server to my server on the internet, only to find that the port I had been using all along in the initial Metasploit attempt was allowed out. This left me with a sense of disappointed optimism because the firewall isn’t blocking it, but for some reason it isn’t working. “Maybe it’s getting caught by Anti-Virus”, I thought. I used the command execution to generate and execute an FTP script that would download a payload from my server. The logs on my server showed an active download from the target company’s network. “.. Excellent..”, I mischievously muttered to myself in my best Mr. Burns impression.
What does the FBI have to say about ransomware
October 03, 2016, Tom Glaser, Healthcare Solutions Architect, Coalfire
The FBI provided guidance on ransomware at a recent FBI/US Secret Service/ISAC event. They defined ransomware as a type of malware that is commonly transmitted through malicious email, which is disguised to look normal. Once the email link has been clicked on, or an email attachment has been opened, the malware installs on the computer. After installation is completed, files on the computer become locked using encryption and cannot be opened without the key. A ransom message is then displayed with information on how to pay the ransom.
Thoughts on BSides Las Vegas 2016
August 22, 2016, John Skipper, Senior Consultant, Coalfire Labs
I recently attended “Infosec Week” in Vegas - Black Hat, BSides and DEFCON. BSides is a high point every year. This smaller Con has a plethora of perks which make it a “must attend” and also offers many of the same benefits or advantages or opportunities as Black Hat and DEFCON.
Best of Enterprise and AD Exploitation at Black Hat / DEFCON
August 22, 2016, Marcello Salvati, Senior Security Researcher, Coalfire Labs
Lots of hacks, lots of people, lots of content, and lots of parties. That basically sums up this year’s Black Hat and Defcon. The two conferences seem to get bigger every year with no sign of slowing down, which emphasizes how cybersecurity is becoming more and more of an issue for everyone: governments, Fortune 1000 companies, small businesses and single individuals alike.
What is Defcon
August 17, 2016, Justin Wynn, Associate Consultant, Coalfire Labs
The first year I attended, I was lucky enough to identify interesting wireless signals with a distinct sound – that of the POCSAG and FLEX protocols. Decoding these signals revealed party invites to the Telephreak party where I listened to raw, uncensored lightning talks covering topics from car hacking to the fragility of the entire West Coast’s power grid, and even met notable figures like Kevin Mitnick. It’s not unheard of for other notorious characters, like John McAfee, to attend events like these and share war stories.