Recently, Foregenix worked with Amazon Web Services to do a security review of the GuardDuty Intelligent Threat Detection Service. Specifically, we were looking for three abilities in the service:
Recently, Foregenix worked with Amazon Web Services to do a security review of the GuardDuty Intelligent Threat Detection Service. Specifically, we were looking for three abilities in the service:
A fair amount of the work we do in the Foregenix Penetration Testing team is, in one way or another, a flavour of web application penetration testing. In these assessments we come across command execution vulnerabilities that belong in one of two different categories:
In this blog post we will discuss the latter, cases where the output of our command is not directly displayed on the application, and present a strategy for obtaining access to the output of our command using recursive DNS queries. Finally we construct a practical example of the discussed strategy via a step by step process bypassing different constraints imposed to us by the use of DNS as an out of band retrieval method.
Detection Lab, designed and maintained by Chris Long, is a collection of Vagrant and Packer scripts. These scripts allow users to quickly spin up a fully configured and monitored Windows Active Directory environment. Once the setup is complete, we will have a fully functional lab designed with defenders and security researchers in mind. Detection Lab can easily be modified to fit most needs or expanded to include additional hosts. This blog will demonstrate how to install and use Detection Lab with penetration testers in mind.
In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.
Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.
Recently, Foregenix worked with Amazon Web Services to do a security review of the GuardDuty Intelligent Threat Detection Service. Specifically, we were looking for three abilities in the service:
A fair amount of the work we do in the Foregenix Penetration Testing team is, in one way or another, a flavour of web application penetration testing. In these assessments we come across command execution vulnerabilities that belong in one of two different categories:
In this blog post we will discuss the latter, cases where the output of our command is not directly displayed on the application, and present a strategy for obtaining access to the output of our command using recursive DNS queries. Finally we construct a practical example of the discussed strategy via a step by step process bypassing different constraints imposed to us by the use of DNS as an out of band retrieval method.
Detection Lab, designed and maintained by Chris Long, is a collection of Vagrant and Packer scripts. These scripts allow users to quickly spin up a fully configured and monitored Windows Active Directory environment. Once the setup is complete, we will have a fully functional lab designed with defenders and security researchers in mind. Detection Lab can easily be modified to fit most needs or expanded to include additional hosts. This blog will demonstrate how to install and use Detection Lab with penetration testers in mind.
In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.
Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.