Foregenix-Logo-Horizontal-Colour
+44845 309 6232 | hello@foregenix.com |

Cybersecurity Insights

Zacharias Pigadas

Using DNS as an out-of-band command output retrieval channel

04/06/20 10:02

 

Setting the scene

A fair amount of the work we do in the Foregenix Penetration Testing team is, in one way or another, a flavour of web application penetration testing. In these assessments we come across command execution vulnerabilities that belong in one of two different categories:

  1. Those were the output is returned directly to the user and,
  2. Well… those that are not.

In this blog post we will discuss the latter, cases where the output of our command is not directly displayed on the application, and present a strategy for obtaining access to the output of our command using recursive DNS queries. Finally we construct a practical example of the discussed strategy via a step by step process bypassing different constraints imposed to us by the use of DNS as an out of band retrieval method.

Read More
Alex Constantinou

Detection Lab for Pentesters

15/04/20 10:00

Detection Lab, designed and maintained by Chris Long, is a collection of Vagrant and Packer scripts. These scripts allow users to quickly spin up a fully configured and monitored Windows Active Directory environment. Once the setup is complete, we will have a fully functional lab designed with defenders and security researchers in mind. Detection Lab can easily be modified to fit most needs or expanded to include additional hosts.  This blog will demonstrate how to install and use Detection Lab with penetration testers in mind.

Read More
Giuliano Fasto

Introducing RETURNINGPATIENT

09/04/20 10:00

In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.

Read More
Zacharias Pigadas

Red Teaming: Command and Control protocols

07/04/20 10:00

Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.

Read More
Christodoulos Lamprinos

A first look at today’s Command and Control frameworks

01/04/20 10:00

In InfoSec history books, 2019 should be called ‘The year of the Post-Exploitation Command and Control Frameworks’ with major projects falling in that category being developed and made public, such as:

Read More
All posts
Zacharias Pigadas

Using DNS as an out-of-band command output retrieval channel

04/06/20 10:02

 

Setting the scene

A fair amount of the work we do in the Foregenix Penetration Testing team is, in one way or another, a flavour of web application penetration testing. In these assessments we come across command execution vulnerabilities that belong in one of two different categories:

  1. Those were the output is returned directly to the user and,
  2. Well… those that are not.

In this blog post we will discuss the latter, cases where the output of our command is not directly displayed on the application, and present a strategy for obtaining access to the output of our command using recursive DNS queries. Finally we construct a practical example of the discussed strategy via a step by step process bypassing different constraints imposed to us by the use of DNS as an out of band retrieval method.

Read More
Alex Constantinou

Detection Lab for Pentesters

15/04/20 10:00

Detection Lab, designed and maintained by Chris Long, is a collection of Vagrant and Packer scripts. These scripts allow users to quickly spin up a fully configured and monitored Windows Active Directory environment. Once the setup is complete, we will have a fully functional lab designed with defenders and security researchers in mind. Detection Lab can easily be modified to fit most needs or expanded to include additional hosts.  This blog will demonstrate how to install and use Detection Lab with penetration testers in mind.

Read More
Giuliano Fasto

Introducing RETURNINGPATIENT

09/04/20 10:00

In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.

Read More
Zacharias Pigadas

Red Teaming: Command and Control protocols

07/04/20 10:00

Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.

Read More
Christodoulos Lamprinos

A first look at today’s Command and Control frameworks

01/04/20 10:00

In InfoSec history books, 2019 should be called ‘The year of the Post-Exploitation Command and Control Frameworks’ with major projects falling in that category being developed and made public, such as:

Read More

Blog by Topic

see all