Red Team Laptop & Infrastructure (pt 1: Architecture)

I get a lot of questions about my laptop, ranging from “Windows or Mac?” to “do you have a preferred chipset for Ethernet NICs?”

Well, apart from answering “neither” to the first question, most of the details vary. Rather than talk about specific hardware or version choices, I’m going to talk about architecture; in future posts I’ll cover specific ways of implementing my infrastructure architecture for supporting penetration testing, but for now we will focus on the high level. This design is reasonably secure in the right hands, fast, and extremely flexible.

Unique Policy of Transferring Usernames by Telegram

Telegram has been around for a little while now, and its user base is growing. However, despite its attempts to position itself as the secure alternative to the larger social networks, it has one particularly alarming policy: it will unilaterally transfer a username from an established account to another.

2 of 3 Tor Exits Suspended

Well, the upstream IP provider decided they don’t want the Tor nodes there for the time being (partially because they didn’t have an official policy… yet). My node in Canada is still operational; however, the beefy nodes operating out of my DC are down for now. They plan to inform me of an official policy within the next month or so. If they form an official stance and allow them, then they will come back online (albeit with the same reduced exit policy).

~H

Tor Exit Nodes

I feel like I needed to help out a little more towards a great project: Tor. I won’t go into what it is here, as I assume my average reader knows. Hacking and Coffee decided to stand up a couple of exit nodes to contribute to the network. They do have a reduced exit policy; however, most services are still accessible (a notable exception being port 25, i.e. SMTP between servers rather than user submission). The first one has been given the Exit flag and can be looked up at Atlas.torproject.org (traffic statistics can be seen at https://tor.hackingand.coffee/stats).

Def Con 24 Post Mortem

Now that the dust has settled, and the Vegas alcohol has left my system, it is time to write the post mortem for Def Con 24.

I solved the Caezar Challenge (albeit I needed a tiny hint on the last stage, as there was a lot of confusion over the hint given, which was misinterpreted), and got to chew out the guy who broke my lock (all was forgiven; we can 3D print new parts). I came close, but did not successfully defuse The Box. And shenanigans ensued.

Def Con 24 Caezar Challenge URL Solving

Part of the Caezar challenge involved URL brute forcing. There were four characters, three of them unique, that were unsolved in the domain name. Using a combination of scripting and nslookup, it was trivial to solve (though this was later determined not to be necessary, as it was also possible after solving via a traditional substitution cipher; I won’t spoil the preferred method here, since it was brilliant and may be used again).

Here I explain this process.
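The scripting-plus-lookup approach described above, written out as an added example (not the author's own script, which used nslookup; this one uses the system resolver via Python's socket module). The template domain, the placeholder syntax and the candidate alphabet are all assumptions: the real challenge domain is not on this page. The example generalises the “four characters, three unique” case to any template: each distinct placeholder letter gets its own character, and a repeated letter is forced to agree with itself, which is what keeps the search space at alphabet^3 rather than alphabet^4. It also adds the check a practitioner wants before trusting the hits: a zone with a wildcard record answers for every candidate, so an address that resolves for a large fraction of the candidates is treated as noise rather than a solution.

```python
import itertools
import re
import socket
import string
from collections import Counter

# Hypothetical template (not the real challenge domain). Placeholders are
# {letter}; the same letter in two positions must be the same character.
# Four unknown positions, three distinct placeholders, as in the post.
TEMPLATE = "c{a}ez{b}r{a}{c}hallenge.example"

# Assumed candidate alphabet: characters valid inside a DNS label.
# '-' is left out so no candidate can start or end a label with a hyphen.
ALPHABET = string.ascii_lowercase + string.digits


def expand(template, alphabet=ALPHABET):
    """Yield every candidate hostname for the template.

    Distinct placeholders vary independently; repeated placeholders share
    a character, so the candidate count is len(alphabet) ** distinct.
    """
    keys = sorted(set(re.findall(r"\{(\w)\}", template)))
    for combo in itertools.product(alphabet, repeat=len(keys)):
        yield template.format(**dict(zip(keys, combo)))


def resolve(host):
    """Return the first A record for host, or None if it does not resolve."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def brute_force(template, resolver=resolve, alphabet=ALPHABET,
                wildcard_fraction=0.05):
    """Resolve every candidate; return (hits, noise_addresses).

    hits  : {hostname: address} for candidates that resolved and are not
            explained by a wildcard record.
    noise : addresses returned for more than max(2, wildcard_fraction * N)
            candidates, which indicates a wildcard (or catch-all) record.
    """
    hits = {}
    total = 0
    for host in expand(template, alphabet):
        total += 1
        addr = resolver(host)
        if addr is not None:
            hits[host] = addr

    # Wildcard check: a legitimate solution resolves for one or a handful of
    # candidates; a wildcard makes one address show up for most of them.
    limit = max(2, wildcard_fraction * total)
    noise = {addr for addr, n in Counter(hits.values()).items() if n > limit}
    real = {h: a for h, a in hits.items() if a not in noise}
    return real, noise


if __name__ == "__main__":
    # Live run against the (hypothetical) template; expect no hits offline.
    found, noise = brute_force(TEMPLATE)
    for host, addr in found.items():
        print(host, addr)
    if noise:
        print("wildcard-looking addresses ignored:", ", ".join(sorted(noise)))
```

A full run over 36^3 = 46656 candidates is slow through a single stub resolver; in practice you point the resolver at the zone's authoritative server, or parallelise the lookups, and you still run the wildcard check first, because a wildcard zone makes every one of those lookups “succeed”.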

Def Con Update

Hon1nbo here, reporting from Def Con 24. I am taking a break from exploding at “The Box” and sending this to post via raven carriers.

I got a Caezar’s Challenge badge, and whilst I don’t care to spend all of my time cracking the challenges for the party, I want to give the person who dropped it a piece of my mind, since he broke $150 worth of locks on the table in the process.

If you see someone handing out Caezar’s badges, say something. Tweet at me.

Cheers,

~H

Peach EXE Template

I uploaded the first of my old Peach fuzzer templates to my GitHub account. This template is for the Microsoft PE/COFF 32-bit EXE executable format. I originally made this at my super-secret-alter-ego job almost 4 years ago; however, we did not have the resources to devote to running it at the time. It should not be too hard to update for 64-bit and other newer attributes. I may run it on some Windows 10 VMs, or through some AVs such as Symantec.

GitHub Peach Fuzzer Templates

Serving malware via physical legal documents

I have decided to post about a personal trick I created and have used for quite a while. Given that most process servers are private entities, rather than actual officers of the court, they can be hired without filing any actual legal process. Thus, it is possible for an official-looking person to arrive at a target and present the payload in person without ever leaving a trace of your identity. This physical legal document has successfully gained me administrator credentials from targets that normally have a high level of security awareness and usually catch phishing attempts.
