Networking
WireSocks for Easy Proxied Routing
I built some infrastructure that you could deploy and use to easily tunnel from arbitrary sources over a proxy such as SOCKS, using anything that can run WireGuard. This is convenient in cases where it would be nicer to have a full network route to a target network (with working DNS) vs just having application specific proxy rules. In this post I’ll elaborate a bit on that idea. If you…
Exploring The Fundamentals
We are excited to be presenting our Hands-on-Hacking Fundamentals (HHF) course at this year’s BlackHat USA 2021 conference. In our HHF course we explore the fundamentals required to grow your hacking skills where you can utilise your newly learned skills with practical, real world hacks in our custom lab environment. This blog aims to demonstrate the fundamentals of networking and scanning using the defacto Network Mapper “Nmap” which is one…
Routopsy – Hacking Routing with Routers
This is a summary of our BlackHat USA 2020 talk. On some of our engagements, Szymon and I found ourselves on various networks vulnerable to; insecure, misconfigured, and often overlooked networking protocols. These included dynamic routing protocols (referred to as DRP‘s) and first hop redundancy protocols (referred to as FHRP‘s). We decided to focus on these two classes of networking protocols to manipulate traffic flows and identify non-conventional ways of…
Avoiding detection via DHCP options
When conducting a red team exercise, we want to blend in as much as possible with the existing systems on the target network. For most large networks, that means looking like a Windows machine when you request a DHCP address. In a lot of cases, though, the machine that we connect to the target network is not going to be running Windows, but more likely, a variant of Linux. By…
Making the Perfect Red Team Dropbox (Part 2)
In part 1 of this series, we set up the NanoPi R1S as a USB attack tool, covering OS installation, installation of P4wnP1, and even keylogging a “passed through” keyboard. In this part, I am going to focus on operations as an Ethernet attack tool, using two scenarios. Firstly, as a box which can be connected to an unused Ethernet port, and provide remote access to the target’s network, and…
Page 1 of 1