Enumeration using the Meterpreter ADSI Extended API Commands

(external source)







Windows Meterpreter recently got some new capabilities thru the Extended API module by OJ Reeves also known as TheColonial. He added support for:



Read more => http://ift.tt/1k6PtMz

PHDays 2014 Quals: DT_VCS writeup

(external source)







It was my favorite task from PHDays 2014 Quals, and the best CTF web challenge i made. During the PHDays Quals it was solved only 3 times, so i think that this writeup will be interesting. Ok, we found Detcelfer Version Control System and need to PWN it.



Read more => http://ift.tt/1dO4q01

ECB/CBC Encryption modes (chop suey)

(Chop Suey are results of my personnal web monitoring about specific topics. I publish the more relevant results in my blog to pickup themes again at a later time if needed)

 

https://www.adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/

 

https://twitter.com/corkami/status/425895957138399232

 

http://www.racom.eu/eng/support/crypt.html

 

http://bradconte.com/ecb-isnt-a-mode-of-operation 

 

https://pentesterlab.com/exercises/ecb/

 

http://blog.spiderlabs.com/2013/01/defeating-aes-without-a-phd.html

 

Metasploit Meterpreter and NAT

(external source)







Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit.



Read more => http://ift.tt/1dCRvC2

News and Threat Research A Closer Look at Cryptolocker's DGA

(external source)







CryptoLocker is the name of a ransomware trojan family that emerged late last year. This malware is designed to target Microsoft Windows systems and is renown for its ability to take its victim’s files hostage by fully encrypting files on the victim’s computer.



Read more => http://ift.tt/1aMiRoQ