Carrie Roberts // *Guest Blog You have a password hash you would like to crack for a password that contains an Umlaut. You know, the two dots over a letter as is commonly seen in the German language. For our example here, we have the Windows password hash of the password “Möm Rülez!” I know, […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 1:07 Quick review of SILENTTRINITY functions, an overview of Bring your own Interpreter (BYOI) capabilities, BYOI payload 7:08 BYOI/SILENTTRINITY in a nutshell, advantages vs. disadvantages 16:53 Overview of the almost 50 new modules that have been incorporated, live demo 38:12 […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 4:18 Problem statement and exploitation timeline8:28 MapReduce and Hadoop overview, overview of open-source software based on Hadoop architecture and their vulnerabilities14:15 Live demonstration of standing up a stack in EMR, terminology, auto-scaling risks, proper security postures for any new […]
Melissa Bruno // So you have an Internet-facing DNS server. Maybe you decided to set one up at home for fun, or your company has one that works with other services. Either way, you probably have a group of people in mind who should be using it. But are you sure that they’re the only […]
John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take is to try and implement full application whitelisting on every single application across their entire environment. While this goal is fun and seems like a […]
Darin Roberts // I recently had to install a new gold image as my Kali Linux testing virtual machine. Almost on every test I do, I clone the gold image and use the fresh install to start from. On this image I install as many of the scripts and tools as I can so when […]
John Strand // In this blog, I want to walk through how we can set up Sysmon to easily get improved logging over what we get from normal (and just plain awful) logging in Windows. Basically, trying to get information from standard Windows logs is a lot like playing tennis against curtains. Sure, you can […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 4:36 Problem Statement and Executive Problem Statement 9:00 Short Sysmon review, introduction to ELK, what programs make up ELK, data type and its affect on elasticsearch, answering viewer questions 20:51 Touching on different types of logs, how logstash deals […]
Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see “JTAG – Micro-Controller Debugging“), and although I made considerable progress finding and identifying the JTAG (Joint Test Action Group) pins on my target board (Samsung S3C4510 CPU) Linksys BEFSR41 router, there were complications. I ran into a number of […]
