Nov 22, 2013
The Domain Name System is crucial for human interaction with networks. Gathering information about a target is critical to performing a successful penetration test, and the DNS service is one of the key sources of this information. Today, I want to write about the different types of information that can be discovered by probing this service using a mix of command line tools and web resources. There are many tools available to interact with DNS, but today I’m going to cover the use of nslookup, host, and dig on the command line, and the Netcraft website.
BSides DC 2013
Oct 21, 2013
Some thoughts of mine* from BSides DC 2013:
Bruce Potter - Keynote
My takeaway from this discussion was that we should all strive to be better hackers, and moreover, people in general. Meh, that’s simplified and cliché, so let me expand:
This industry has grown large. Very large. What was once the realm of what I’ll call “true” blackhats and whitehats - those adventurers whose sole purpose was to seek the thrill of hacking offensively and defensively - has had billions of dollars infused into it over the past two decades.
Oct 7, 2013
As with most things related to pen-testing, there are many different ways to enumerate the subdomains of your target. One promising tool I’ve been playing with recently is recon-ng. I won’t be at all surprised if recon-ng becomes as popular for the reconnaissance phase of a pentest as metasploit has become for the exploit phase. Today, though, I want to talk about a fun method I used a few weeks ago to find out more about the subdomains of my target.
Configure Your Environment
Oct 1, 2013
In my last post on Reverse Shell Methods, I discussed the shell a lot. As a penetration tester, I spend the majority of my actual “work” time in a shell. I leverage Windows, OSX, and Linux about evenly throughout the day, so I’ve tried to customize my environment in all three, though I have had substantially more success tweaking OSX and Linux to my liking. Today, I want to discuss the way I’ve configured my OSX, Kali, and Metasploit prompts to give me the information I need when I need it - for example, when you are writing your penetration test report.
Reverse shell methods
Sep 30, 2013
Welcome and Hello! Let’s get started… Today’s topic: Reverse Shells
What is a Reverse Shell?
A reverse shell is a method by which penetration testers (and bad guys!) can gain a shell, or user command access, on a target. They are very useful because they initiate communication from a trusted host inside the perimeter to a host outside of the perimeter. This means a reverse shell has the capability to bypass firewall ingress rules, which would prevent incoming connections - aka bind shells - from reaching into the network to gain user command access on a host.
OSX Terminal - List Processes
Jun 23, 2012
The UNIX command for listing processes from the command line is:
ps
“ps” stands for “process status” and by default it will print a list of process identifiers, controlling terminals, CPU time (user and system), state, and the associated command. Here is the output I see when I type “ps” at the terminal:
$ ps
  PID TTY           TIME CMD
17559 ttys000    0:00.05 -bash
23627 ttys000    0:00.01 man ps
23630 ttys000    0:00.
Federal conference takeaways
Jun 12, 2012
Network Defenders MUST Understand What They Defend
I know, this is common sense, right? Wrong. Enterprise networks continue to grow cruft; very rarely will they stagnate. Often times networks are set up by one group of people, all of whom are long gone by the time you show up to do your job and leave behind no documentation (feeling that gut churn yet?). What do you do then?
Powershell Environment Variables
Mar 13, 2012
Here, I will describe a couple of methods to determine Powershell’s environment variables.
Environment variables correlate names to values of special paths that the host operating system relies on for functionality. For example, Windows hosts use an environment variable called TEMP to label a folder as the place for applications to put data that is temporary in nature - such as application installers.
Method One
ls env:
That’s “ell-ess space env colon.”