RDP Honeypotting

I recently stood up an RDP honeypot consisting of a Windows VM with Wazuh and Sysmon. SecurityOnion is set up to monitor traffic to/from the internet for the honeypot. A UTM device is sitting between the honeypot and the internet to block ports, applications and proxy all traffic. I haven’t set up SSL decryption yet but I’m…

MouseJack: From Mouse to Shell – Part 2

This is a continuation of Part 1, which can be found here. New/Fixed Mice: Since the last blog post, I’ve done some additional testing and it looks like most of the newer wireless mice are not vulnerable to MouseJack. I tested the best-selling wireless mouse on Amazon (VicTsing MM057), Amazon’s choice (AmazonBasics), and one of…

MouseJack: From Mouse to Shell – Part 1

What is MouseJack? MouseJack is a class of vulnerabilities that affects the vast majority of wireless, non-Bluetooth keyboards and mice. These peripherals are ‘connected’ to a host computer using a radio transceiver, commonly a small USB dongle. Since the connection is wireless, and mouse movements and keystrokes are sent over the air, it is possible…

Securing Your Online Accounts with 2FA

As the holidays came and went I was asked one question by family and friends more than any other. How do I keep my accounts secure? If you work in InfoSec you know this isn’t an easy question to answer but there are a few things everyone can do to secure their online accounts. Nothing…

2FA Instructions for Twitter

Here are instructions for enabling two factor authentication (2FA) on Twitter: Log in to Twitter. Click Profile and Settings next to Tweet on the top right, then click settings and privacy. Click Set up login verification under the Security heading. Add your phone number and click send code. Click get backup code and save this in…

2FA Instructions for LinkedIn

Here are instructions for enabling two factor authentication (2FA) on LinkedIn: Log in to LinkedIn. Click Me in the upper right corner, then click Settings & Privacy. Click Account then Two-step verification. Click Turn on, then add a phone number. Go back to two-step verification and click turn on. Enter code from text message and you…

2FA Instructions for Amazon

Here are instructions for enabling two factor authentication (2FA) on Amazon: Log in to Amazon. Go to your account, then click Login & security. Enter password. Click Advanced Security Settings. Click Get Started. Duo: Click Authenticate App. Open Duo and click the + in the top right and then take picture of QR code. Type in…

2FA Instructions for Facebook

Here are instructions for enabling two factor authentication (2FA) on Facebook: Log in to Facebook. Go to Settings>Security and Login. Click Use two-factor authentication. Duo: If you have Duo set up on your device and would like to use it, follow these instructions: Click Authentication App. Open Duo, click the plus button and take a picture of…

WDigest: Clear-Text Passwords in Memory

What is it? WDigest.dll was introduced in the Windows XP operating system. The Digest Authentication protocol is designed for use with Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges, as documented in RFCs 2617 and 2831. Many people think of Digest Authentication as a protocol that is used with Web browsers for…

Kioptrix: Level 1.2 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.2. Date released: 18 April 2011. Author: Kioptrix. Download. Enumeration: Attacker: 10.11.1.7, Target: 10.11.1.10. Initial scan results below. Well, there aren’t a lot of options so I decided to start with http. I quickly found the login page for phpMyAdmin and was able to log in with admin as the user and no…