RDP Honeypotting

I recently stood up an RDP honeypot consisting of a Windows VM with Wazuh and Sysmon. SecurityOnion is set up to monitor traffic to/from the internet for the honeypot. A UTM device is sitting between the honeypot and the internet to block ports, applications and proxy all traffic. I haven’t set up SSL decryption yet but I’m…

MouseJack: From Mouse to Shell – Part 2

This is a continuation of Part 1 which can be found here. New/Fixed Mice Since the last blog post, I’ve done some additional testing and it looks like most of the newer wireless mice are not vulnerable to MouseJack. I tested the best-selling wireless mouse on Amazon (VicTsing MM057), Amazon’s choice (AmazonBasics), and one of…

MouseJack: From Mouse to Shell – Part 1

What is MouseJack? MouseJack is a class of vulnerabilities that affects the vast majority of wireless, non-Bluetooth keyboards and mice. These peripherals are ‘connected’ to a host computer using a radio transceiver, commonly a small USB dongle. Since the connection is wireless, and mouse movements and keystrokes are sent over the air, it is possible…

WDigest: Clear-Text Passwords in Memory

What is it? WDigest.dll was introduced in the Windows XP operating system. The Digest Authentication protocol is designed for use with Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges, as documented in RFCs 2617 and 2831. Many people think of Digest Authentication as a protocol that is used with Web browsers for…

Kioptrix: Level 1.2 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.2 Date released: 18 April 2011 Author: Kioptrix Download Enumeration Attacker: 10.11.1.7 Target: 10.11.1.10 Initial scan results below Well there aren’t a lot of options so I decided to start with HTTP. I quickly found the login page for phpMyAdmin and was able to log in with admin as the user and no…

Kioptrix: Level 1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1 Date released: 17 Feb 2010 Author: Kioptrix Download: https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar Initial scan results below Poked around 80/443 and didn’t find anything interesting Discovered OS and Samba version info using Enum4Linux Found an exploit for Samba 2.2.x which can be found here Downloaded and executed the exploit ROOT!! Now let’s look around and…

Offensive Security Certified Professional (OSCP) Review

It’s just another Saturday, I wake up around 6:30 am, get ready and head into the office to start my 12-16 hour day of Penetration Testing with Kali Linux (PWK/OSCP) training from Offensive Security. Although, it’s not like the last 16 Saturdays, today is exam day. OSCP Exam I sat down at my desk around 7:30…

SickOS 1.2 Walkthrough – Vulnhub

Name: SickOs: 1.2 Date release: 27 Apr 2016 Author: D4rk Link: https://www.vulnhub.com/entry/sickos-12,144/ Initial scan results show TCP 22 and 80 running SSH and lighttpd respectively. Kicked off dirb and found a test folder. Checked the options on the test folder…and saw that the server allows put. Used the following command to put a php shell…

DroidJack – A Quick Look at an Android RAT

DroidJack is a Remote Administration Tool (RAT) that can build and bind Android Packages (APK) for install on any Android device. This RAT can be found at droidjack.net and offers many features. The RAT sells for $200 as a one-time charge, which comes with lifetime access to all future updates. A few of the features include:…

How I Passed the CISSP on the First Try

On a cold wintery day in Michigan last December I sat for, and passed, the CISSP (Certified Information Systems Security Professional) exam by (ISC)2 in approximately 1 hour and 45 minutes with a 5-10 minute break. Read below and learn how I passed the CISSP on the first try. What I did Books I started off…