I got 99 problems but my NAC ain't one

This post is all about Network Access Control (NAC) solutions and how they might lull you into a false sense of security.
They are designed to keep rogue devices out of your network; I'll show you ways around them, as well as ways to protect yourself.
From a pentester's or red teamer's perspective this might come in handy when customers protect their networks with these kinds of tools.

Read More

Evil Logitech - erm, I meant USB cable

New series: Things you don't need - but will probably want!

Did you ever want to have your own handmade, remote-controlled, stealthy USB implant / HID injector, but didn't want to sell your soul for it? Well then this one is for you :)
I had already heard about something like this in the past, which reminded me of the expensive O.MG cable from Hak5 or the USB Ninja.
But if you like to tinker a little and are on a budget, you can get pretty much the same results for about 30 bucks.

I already own a DSTIKE WiFi Duck and several Digisparks, but plugging these into someone's computer is far more suspicious than a black USB cable. I also own a CrazyRadio, with which one can inject keystrokes into the wireless receivers of keyboards and mice with the help of e.g. bettercap - but to be honest, this is a real pain in the ass.

I recently stumbled upon some great articles on Twitter regarding an alternative in the form of a Logitech Unifying receiver implanted into a USB cable. When I read those lines, I also wanted a USB cable that would still be able to charge a phone, but could also be used to inject keystrokes into a victim's system or even give me a remote shell.

Read More

Relaying 101

Hello fellas, or as we say in Germany: "Hallo Freunde der fettfreien Leberwurst." ("Hello, friends of fat-free liverwurst.")

In today's blog post we'll be talking about relay attacks, or more precisely about NTLM relay attacks. So let's get started.

As you already know, I am new to the pentest field, so we're not going to deep-dive here; instead I'll try to give you an overview of the what, why and when of relay attacks, mixed with some practical examples. Wherever applicable, I'll provide links for further reading.

Read More

Sailing Past Security Measures In AD

Today we're going to talk a little about possible ways to circumvent some of the security measures one might face during an engagement in an Active Directory environment.

We as pentesters rely heavily on tools like BloodHound, Rubeus, mimikatz and all the other fancy stuff, be it for an internal assessment or a Red Team campaign.

But the Blue Team is not asleep; they are trying to keep the bad guys out with their newest AI / machine-learning cyber tools.

Read More

Pentest - Everything SMTP

In this blog post I am trying to demystify SMTP (at least for myself).
What exactly is it used for? Which parties are involved? What about authentication, and when does it apply? What attack surface do you open up with incorrect settings?

As you may have read in the other posts, I mostly try to consolidate my knowledge on specific topics or work through problems I face (mainly at work); these blog posts are meant to help me with that.

This time it's all about SMTP, in terms of possible attacks and countermeasures, all from the point of view of an external attacker.

Read More

AS-REP Roasting vs Kerberoasting

Recently my team had a discussion about what the exact difference between AS-REP Roasting and Kerberoasting is.
As we were short on time, we did not come to a concrete answer and were also not able to find an article that explains it briefly.

I am neither a professional with years of experience nor a Kerberos guru, so if you are looking for a complex deep-dive, feel free to move along.

Credits to: Allagar's Art

Read More

My Way Into InfoSec

This is my very first blog post ever, which I am using to get a little into GitHub Pages, and because I was in the mood to write something.
As I am fairly new to being a full-time InfoSec guy, I'll be writing about how I got into it and how I landed my current job as a pentester.
This will also reflect my point of view regarding the right mindset and the certifications that might get you started.

Read More