Introducing Red Baron - Automate the Creation of Resilient, Disposable, Secure, and Agile Infrastructure for Red Teams
February, 2018, Marcello Salvati, Senior Security Researcher, Coalfire Labs
The need to automate the creation of disposable red-team infrastructure is key to providing effective adversary simulations. As Coalfire Labs continued to grow, our team needed a system to quickly configure and spin up C2 and/or phishing infrastructure, run multiple campaigns at the same time, and recreate infrastructure if some parts got detected and/or blacklisted.
How I discovered CVE-2017-13707
October, 2017, Michael Allen, Senior Consultant, Coalfire Labs
New Vulnerability Found Using Techniques Taught at Black Hat USA
One of the topics I teach in Coalfire's Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initial foothold in an environment by leveraging default or easily guessable login credentials. During a recent red team engagement, I leveraged both of these techniques – not only to fully compromise the organization's Active Directory environment, but also to discover and exploit a previously unknown vulnerability in the Replibit Linux distribution installed on a server on their network.
Blueborne – Don’t Panic!
September, 2017, Communications Team, Coalfire
Here is what we know right now: Security company Armis recently released research identifying eight newly discovered vulnerabilities that exist in the wireless communications protocol Bluetooth, which could potentially affect a large percentage of the estimated 8.2 billion Bluetooth enabled devices, including laptops, mobile phones, and other IoT devices.
Forensically Imaging a Microsoft Surface Pro 4
August, 2017, Robert Meekins, Director, Forensics, Coalfire
Working on digital forensics can sometimes create some challenging situations. Recently, we received a couple of Microsoft Surface Pro tablets to image and analyze. Having conducted forensics for a while, I realized that, depending on the version, imaging this tablet could be a challenge. Some setbacks normally associated with Surface tablets include not being able to remove the hard drive, the inability to place the device in target mode, and the hardware being very finicky about what OS can and cannot boot. Ultimately, the challenge comes down to having to use the tablet itself to perform the image, and the only option for input is a single USB port.
Coalfire’s Adaptive Penetration Testing at Black Hat Helped Prepare Tomorrow’s Security Talent
August, 2017, Ryan MacDougall, Sr. Security Consultant
What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location comes to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them.