Meterpreter’s STDAPI extension (the one that always gets loaded) has a new command. This doesn’t happen very often, so it’s worth noting. The new command prints out the currently attached “mounts”. In the Windows world, that means the normal CD-ROM, C drive, etc., but it also means all of the mounted network drives as well. This gets very interesting when you happen to find yourself in a VM environment where you can start writing files to the host:
Time is a one-time, non-renewable, precious resource you are given. It is OK to be greedy, selective, and even snobbish about how, and with whom, you spend it. If it helps, think of your time as a vault: money is withdrawn at a constant rate by people as you spend it, but you are not allowed to look inside to see how much you have left. It could be a billion dollars, it could be .
I recently took the plunge and joined a startup called R5 Industries. I wanted to say thanks for all the well wishes that I received on social media. It has certainly calmed my nerves about the choice ;-). I’ve had a number of people ask what R5 Industries does. Our primary selling point is AntigenC2, which is a really Command and Control detection product (no agents). But we also do Red Team assessments and some other fun toys if you are interested, contact@r5industries.
One of the best resources for persistence mechanisms is Hexacorn’s blog. http://www.hexacorn.com/blog/category/autostart-persistence/ If you haven’t checked out his “Beyond good ol’ Run key” (linked above) 32-post series, you really should. But today I wanted to talk about one that I didn’t see up there: DNVM (https://github.com/aspnet/dnvm) is the DotNet Version Manager and it’s a part of ASP.NET 5, which I believe has been inside of Visual Studio since the 2013 version.
If you found this post via a search, you are probably like me, “not great” at keeping your desktop clear of “stuff” (you probably have a ‘stuff’ folder you once put stuff in and forgot about). If you are, and you go into a presentation, you probably don’t want to have all of your icons visible (and possibly recorded). Hiding your desktop icons on Windows (since 7 I believe) is pretty simple.
Today I was asked by @Krystropolis for a “Hello” and maybe some hacking advice, see tweet: “@mubix I have my class in 4 hours. Would you be willing to post a 'hello' and maybe some hacking advice for my class demo? #PSUBehrend #CTF” — Krystal Elliott (@krystropolis), September 24, 2015. I thought about it on my entire 1-hour drive home from just turning in my badge and laptop from a big corporation to go work at a startup.
AKA - ROB WRITES POWERSHELL!! Yesterday I posted a way to dump hashes using a Domain Controller account. But how do you know which account to use? And when was its password last set? net user unfortunately won’t do computer accounts. So I decided to write a PowerShell script to find out. Unfortunately Windows 7 doesn’t come with the ActiveDirectory PowerShell module (I’m sure there is another way to do this but here is how I did it.
Since I follow both Carlos Perez and Benjamin Delpy on Twitter, something caught my eye on August 2nd, soon after Benjamin Delpy drops DCSync: “@Carlos_Perez haha, if yes, it will be a 0d ;) No, like always it needs some rights ;) DA is cool, maybe DC$ is enough” — 🥝 Benjamin Delpy (@gentilkiwi), August 2, 2015. And then later on August 28th, again about the DC$ account (Domain Controller computer account):
It’s often tough for both those hiring and job hunters to find one another at conferences. I think this is mostly because of a couple things. No one wants to stand at a booth on either side and talk job stuff in front of a bunch of people and people at booths rarely get the chance to get away. It’s hard to know “who” to talk to. So I created a very simple Google doc to help put Twitter handles and links together for people who are job hunting and people who are hiring to kinda get to know who to talk to.
The teflon crew at Pied Piper suffered quite a bit during Season 2 of SILICON VALLEY. But there was no greater indignity than being brought to their knees by a tequila bottle. Since episode eight “White Hat/Black Hat” aired, many skeptical viewers have asked: how could something like this happen? Could a mindless error of pressing a delete key really cause a venerable company like Intersite to lose over nine thousand hours of content (including an irreplaceable archive of vintage yiffing videos)?