WDTV Live Streaming Media Player release 2.03.20 (and likely earlier) contains a weakness that allows an unauthenticated attacker to change the web management password to a value of their choice. Nothing earth-shattering here, just a failure to validate that a POST request contains the correct validated headers that an authenticated user should have before processing the…
An excellent question! If you’re reading this, there’s a good chance you are considering joining us for what promises to be a pretty fly BSides Canberra Capture The Flag competition in just a few short weeks. The great news is that this CTF has been specially designed to include something for absolutely everyone, no matter…
With version 1.5.1, we’ve seen a few slight changes to the setup process. Unlike previous tutorials, I’m not going to yabber on as we walk through the setup. If you want background details, reasoning behind choices made or any verbose info on any part of this setup, check out the earlier tutorial or hit me…
Not a Review… Firstly, this is not a full review of Offensive Security’s Cracking The Perimeter course and the Offensive Security Certified Expert exam/challenge. If that’s what you’re looking for, go nuts with the following list of reviews: OSCE Review OSCE and me My OSCE Review Offensive Security’s CTP and OSCE – My Experience CTP/OSCE:…
I started this thing at work – we call it BugWeek – where a few times a year, the senior staff lock ourselves in my office and go to town on the corporate network. It’s a great way to find exposures that traditional vulnerability scanners don’t pick up, and it helps keep the blue team’s ‘red’ skills…
!!UPDATED INSTRUCTIONS FOR RELEASE 1.5.1 here !! Phishing is easy. Effective target phishing isn’t so easy. While there’s a good chance you can get someone somewhere to click a link, it’s harder to get them to enter credentials – sometimes you might be up against a savvy user who won’t take a bite of a…
The first ever BSides Australia conference has finished up, and it was an absolute blast. I had the opportunity to contribute to the BSides CTF component by coming up with the Trivia section and creating a boot2root style challenge (aptly named Mr Robot). The challenge had a few stages to complete (including a short dance on the…
!!UPDATED INSTRUCTIONS FOR RELEASE 1.5.1 here !! It’s been quite some time since I wrote a guide for something, and I DID say I’d follow up my original Gone KingPhishin’ post with steps to get SSL/TLS working as well as walking through the campaign creation process…so here we go. What you’ll need to replicate this…
PowershellEmpire is basically a post-exploitation framework that utilises the widely-deployed PowerShell tool for all your system-smashing needs. It’s feels quite Metasploity with it text-driven menus, module management and execution functions, but it’s purely for generating PowerShell agents and post-exploitation evilness. Of course, Powershell being native to Windows means that AV is not a concern (for…
!!UPDATED INSTRUCTIONS FOR RELEASE 1.5.1 here !! Running a phishing campaign against your organisation is a good way to educate users against the perils of the inbox. Some of the common problems with education-based phishing runs of any reasonable size include: The pain of spinning up infrastructure for the campaign Tracking user participation and response…