Application Self Protection – A New Addition to the OWASP Top 10
OWASP has just released their release candidate of the Top 10 most critical web application security risks. While no major changes were included, they added two new ones. This blog discusses the first one in the list: A7 – Insufficient Attack Protection
Dynamic Binary Analysis with Intel Pin
Intro to Intel Pin Dynamic Binary Instrumentation (DBI) is a technique for analyzing a running program by dynamically injecting analysis code. The added analysis code, or instrumentation code, is run in the context of the instrumented program with access to real, runtime values. DBI is a powerful technique since it does not require the source […]
How to get SQL Server Sysadmin Privileges as a Local Admin with PowerUpSQL
In this blog I outline common techniques that can be used to leverage the SQL Server service account to escalate privileges from a local administrator to a SQL Server sysadmin (DBA).
Beautifying JSON in Burp
Most penetration testers know the pain of trying to view and modify an unparsed JSON string. This Burp extension removes that burden and allows live editing of beautified JSON strings.
Expanding the Empire with SQL
The core of PowerUpSQL is now in Empire. Let’s quickly go over how these modules work in Empire as a few changes had to be made for it to be integrated.
Targeting Passwords for Managed and Federated Microsoft Accounts
The Basics With the continual rise in popularity of cloud services, Microsoft launched their Azure cloud infrastructure in early 2010, which eventually went on to support their Virtual Machines, Cloud Services, and Active Directory Domain Services. There are two different ways a Microsoft domain can support cloud authentication; managed and federated. A federated domain is […]
SQL Injection to Help You Sleep at Night
If there’s anything to be learned from Gitlab’s recent downtime (which they handled amazingly well), it’s that production databases need to be pampered. They aren’t something to play around with and as penetration testers that responsibility extends to us. Many companies will allow testing in production, it can be argued that it is the responsible […]
Getting Started with WMI Weaponization – Part 6
Lets look at another practical example of weaponizing WMI using PowerShell. Earlier we went over how to create a custom WMI class. Using this class along with the Set-WmiInstance command we can create a class that we can then use to store files as Base64 Encoded strings.
Getting Started with WMI Weaponization – Part 5
Establishing Persistence with WMI Like SQL, WMI can be setup with a set of Triggers. We can use these triggers to maintain persistence on a system by launching commands after a specified event is detected. These are stored in the root/subscription namespace and fall into two broad categories, Intrinsic Events and Extrinsic Events. Intrinsic Events […]