DIY Red Team Tools - Under Door Tool

I keep hand written notes on everything I find that is useful. This is part of a series of blog posts on making your own DIY red team tools from my notes. Obviously you should only use these tools where you are allowed to use these tools, and you should take care when making or using any tools. These are just my notes on what worked for me, your mileage may vary, etc. Under Door Tool The under door tool is useful when you are on the wrong side of a door that has a door handle which unlocks it. These doors open so easily to allow people to escape in case of a fire and a power outage. Examples of these doors are found throughout commercial properties but are not normally found in domestic properties. The doors tend to look something like this. The under door tool can easily bypass doors in under a minute, but they are bulky to carry and can be hard to source locally. A commercial UDT is likely to cost about £60.00 shipped, but an improvised one could easily be made for less than £1...
Recent posts

DIY RedTeam Bypass Tools - Wallet Jim

I keep hand written notes on everything I find that is useful. This is part of a series of blog posts on making your own DIY red team tools from my notes. Obviously you should only use these tools where you are allowed to use these tools, and you should take care when making or using any tools. These are just my notes on what worked for me, your mileage may vary, etc. Wallet Sized Slim Jim Tool The slim jim or shove tool is for "latch loiding". It works by reaching into the gap between the door and the frame to push or pull on the latch. This won't work on a properly fitted lock which uses a deadlatch or dead locking plunger. Many deadlatch locks are not properly fitted or badly maintained so it's always worth a try. The term loiding comes from celluloid used in filmstrips, which was the material originally used in some of these attacks. This jim is very small and sized to fit in a wallet. You are going to need: Materials: This is made from a thin steel ruler l...

HoneyPot WarGames - The Hackers Dictionary

Every year security companies come up with the “worst passwords” based on breached credentials found in the murkier parts of the internet. Every year people seem surprised that “123456” is a terrible password and people are still using it. Passwords often get rated by how quickly they could be “cracked”. The length of time for cracking passwords in the real world varies wildly according to the context and the numbers are often confusing. NordPass recently published their list of most common passwords and claimed that the third most popular password was “picture1” and it would take 3 hours to crack. If that’s referring to offline password cracking then we should have a whip-round to upgrade the hackers' hardware, because a password like that should take seconds to crack. When hackers try to brute force their way into an account online they have to try lots of different password combinations until they get in, or just give up. This takes a lot of time so hackers spend time optimiz...

HoneyPot WarGames (WFH edition) - Improving your password game.

Improving your password game. Many companies around the world are settling into a future where most people work from home, at least for a while. Working from home comes with many benefits, but there are downsides from a security point of view. Most modern enterprises have spent significant chunks of their security budget on securing their perimeter. Sure, everything is moving to the cloud and most of the workforce has been mobile for some time, but many IT departments still rely on people either physically coming into the office or using a VPN. Without this, patches cannot be pushed to machines, updates cannot be applied, and perimeter IPS and IDS systems cannot pick up connections to C2 and malicious URLs that traditional AV missed. When it comes to security, most enterprises aren't set up for people to work outside the wire for sustained periods. What are the risks of working outside the wire? The chances are that when your employees are working from home, the only thing protectin...

Anatomy of a phishing campaign

This is the story of a phishing email that came across my desk. It's good to take a look at what the bad guys are doing sometimes. It's often not rocket science but it's handy to keep an eye on the simple techniques used. And if this isn't your day job you probably don't get forwarded a huge number of phishing emails, malware to analyse or dodgy sites to investigate. In fact hopefully you do your best to avoid all of those things. The Attack Chain So this particular phishing campaign started as many others do with a simple phishing email. It's not an aggressive email, it's not selling itself too hard, no spelling mistakes, no funny looking URLs and it's pretty simple. There's only one link to click on. Just a quick note here about clicking on links in nefarious emails. Don't do it unless you are ready to. This link could trigger some malware, it could be unique to the targeted email (so the attacker knows the email address is valid...

Reducing password lists with password policies

When cracking passwords, efficiency is everything. You've spent hard earned money on GPUs, so you may as well optimise your password lists to make sure that you don't waste time hashing passwords that are out of policy for your target organisation. That's simple enough with a few grep and sed commands, but after a while you start to feel lazy and script it. That's why I've added a password policy script to my password munging script. Using the policy script is pretty straightforward: ./policy.py -luns passwords.txt -o passwordsinpolicy.txt The switches are as follows: -l --lowercase passwords must include lowercase letters; -u --uppercase passwords must include uppercase letters; -n --numeric passwords must include numbers; -s --special passwords must include special characters. All of the above are switched on by default. The input file must have each password on a separate line. There are also the following optional switches: -m --min minimu...

Wiggling your pointer with a Mouse Jiggler

What is a Mouse Jiggler? A mouse jiggler basically simulates physical movement of your mouse to prevent the computer from going to sleep, the screensaver from starting or the screen from turning off. They can also be handy if someone measures the idle time on your computer and you need to look busy, just saying. Law enforcement use them to stop laptops and servers from going to sleep when making "lights on" arrests. This is especially important to avoid losing hard drive encryption keys. They have also been used by companies wishing to maintain access to machines that they don't have the password for when employees leave. If the machine is awake, we can keep it that way with a mouse jiggler. There are basically two kinds, hardware and software. Hardware devices retail for $20-$40 but you can make your own for less than $6. All you need is some kind of ATmega32U4 Arduino device. A quick check on eBay/Amazon will reveal dozens of devices in all different form factors. ...