All too often during pen tests I still find VPN endpoints configured to allow insecure Aggressive Mode handshakes. Fortunately, gaining access to the internal network as a result of this vulnerability remains a fairly complex task. Hopefully this series of posts will clarify this process and demonstrate the risk this type of misconfiguration can pose to a network...
So, what are we going to do to change this? One of the pieces we’ve been working on is trying to merge Lua into Ettercap. We did a presentation at Derbycon last year about how we planned to do this, and now we have some practical uses. We’re going to take a look at how to build easy-to-use scripts, similar to the Nmap NSE scripts, to allow manipulation and parsing of data that would otherwise require C code.
For several years before its July 2012 takedown, Grum was one of the most notorious spam botnets and at one time was responsible for more than 30% of spam worldwide. Last year’s Grum botnet takedown was a victorious feat by the security community and could be considered one of the most significant takedowns of 2012. However, the effect of this takedown seems to be temporary, as we’ve observed spam volume from the Grum bot trickling back:
Remember two weeks ago when we said it was almost time for Spring? Well, it's certainly not that time here in Chicago. It's more winter than ever with even more on the horizon. Hopefully someone somewhere is warm.
In any case, today is the time for the release of the most recent update to the TrustKeeper scan engine. We've included 7 new vulnerability tests that include tests for Apache, PHP and Cisco. This update also contains a whole bunch of improvements to current tests and many other improvements to the engine itself. Enjoy!
In the past few months, we have had quite a few social engineering and client-side penetration tests, and, as you have probably noticed from my previous posts, these are the types of tests I enjoy doing a lot.
Let me start this blog post by briefly describing our usual approach and results for one of the baiting attack exercises we have performed. In this particular case, we used traditional, old-school techniques that still work.
Baiting attacks can be very similar to phishing attacks; however, instead of using email as the delivery method, they use physical media, relying on the curiosity or sometimes even the greed of the victims.
Over the last year or so, I’ve noticed 2 ports appearing more frequently during internal penetration tests, namely 27017/tcp and 28017/tcp. These can be easily missed if full port scans are not performed.
A quick service scan revealed this as ‘MongoDB’. I had heard of it before, but never really taken the time to look at it in any great detail. After a couple of hours of research, I realised this database was coming up in the world. Looking at their Production Deployment Use Cases on MongoDB’s website, it’s being used by large corporations such as Disney, Forbes, MTV and the UK Government, to name just a few.
So, it was time to fire up a test VM, and download the latest version to have a ‘play’.
Saint Patrick’s Day is quickly becoming Saint Patrick’s week. Some cities have scheduled their parade a week earlier than the actual day, which I guess means an extended period of green beer. Hopefully the luck of the Irish is with you this month as Microsoft rolls out seven bulletins that may impact your systems. If the attackers get lucky, they could end up executing arbitrary remote code, so grab your lucky charm and apply these patches as soon as you can, so you can go grab some of that green beer before it is all gone.