Simple PHP webshell with php filter chains

Recently found an LFI in a PHP application and one of the cool things I learned about recently was PHP filter chains. More info here: https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it.html However, if you are using this in a URL, it’s pretty hard to do anything too complicated since it expands the text to the ... Read More
Beautiful Basics: Lesson 4

Lesson 4 - User Blaming: Security is NOT everyone’s job in the company. Stop trying to force the issue. It’s security’s job to enable, incentivize ... Read More
RVAs3c: Mubix- Attacker Ghost Stories: Mostly Free Defenses That Gives Attackers Nightmares

Beautiful Basics: Lesson 3

Lesson 3 - Detection Reality: People and Honey tokens are THE BEST detective tool you have. Go buy a Thinkst Canary, they detect me more ... Read More
Blocking ISO mounting

Recently I’ve been hearing about malware mounting ISOs as a method of bypassing AV and EDR. For example this article from Bleeping Computer - “Uptick Seen in ISO Email Attachments Delivering Malware” posted December 23rd, 2019, or DARK Reading - “ChromeLoader Malware Hijacks Browsers with ISO Files” posted May 27th, ... Read More
LDAPSearch Reference

ldapsearch is an extremely powerful tool, especially for Windows Active Directory enumeration. It’s one of my primary tools when performing pentesting or red teaming against an environment with Active Directory, but also comes in quite handy to know as many times it can come default installed or part of a ... Read More
Beautiful Basics: Lesson 2

Lesson 2 - Least Privilege: No one should have administrative access. All elevated access should be checked out when you need it and checked back ... Read More
Beautiful Basics: Lesson 1

Lesson 1 - YOU could be “Legacy”: Stop thinking that just because it did or didn’t work X way when you learned it, it still ... Read More
Beautiful Basics - Series

Today I keynoted @BSidesVancouver. It was an honor to be asked and I had a great time. Conference Link: https://hopin.com/events/bsides-vancouver-2022/ I talked about 11 lessons learned over my career that contradict some of the edicts that are well known in the Cyber Security space. Before we get into the lessons ... Read More
User Empowerment: Password Security

World Password Day (who knew that was a thing?) is upon us. It is the first Thursday of May every year, and that falls on May 6th this year. I’m not sure how to start this blog post, but the meat of what I want to get into is password ... Read More
CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller

SolarFlare Release: Password Dumper for SolarWinds Orion

TL;DR Here are the concerns I have regarding the SolarWinds/FireEye breach: The accounts stored in an organization’s SolarWinds Orion may be underestimated. I recently did a pentest for a firm that had over 200 credentials stored in their SolarWinds Orion database, but only 15 showed in the interface (the SolarWinds ... Read More