An interesting discussion was sparked by the blog post from HD Moore on the value of learning assembly for penetration testing. It was intensively discussed on the cisspbr forum, but mostly for other reasons. As HD said, almost all additional knowledge is useful. I agree with that, but I think we should [...]
This PoC from Didier Stevens clearly shows how stupid it is to allow PDFs to start new processes. We’ll end up creating bloated monsters like the current browsers to deal with these files. Can someone please “strip down” the PDF format to something that makes sense again??? I wonder what happened to “pure data” formats; [...]
I don’t hide it from anybody: when doing pentests, my favorite approach was to simply browse information in open shares until I could find some user credentials there (yes, in big organizations, they are always there: scripts, source code, ini files…). With those in hand, try to see what else I was able to have [...]
I’m a bit late on this subject, but I think it’s worth a post. For those who usually do pentesting and usually get some access to Windows boxes, but are looking for a specific credential (like a domain admin), impersonating the access tokens available on those boxes can be a very useful approach. The details about how to do [...]
It would be impossible to write about low-hanging fruit without mentioning network shares. I say it because they are usually my favorite path to elevate privileges when I’m performing a penetration test. Among the things I’ve already found on unprotected (I mean, Everyone – Full Control) shares are: – Source code for critical applications [...]
Now that I’m back to pen testing, I’m getting the chance to see the mistakes admins are making nowadays. There is something very interesting that Windows domain administrators sometimes forget and that needs to be addressed, as it has serious security implications: login script file permissions. Login scripts are those little batch scripts that [...]