Offensive Security

Attacks and offensive tools.

New ways to run Kali Linux on Windows using WSL

Some time ago I wrote a blog about Installing Linux Bash Shell (and Metasploit) on Windows 10. This is great, when we want to enjoy the best of both worlds- keep using Windows, with its out-of-the-box configuration and set-up, and still be able to use the powerful tools available for the Linux distribution. In my previous blog I went through the steps necessary for setting up WSL and installing an Ubuntu and Kali Linux distribution. Since then, a lot of advancements have been made to facilitate the use of these distributions for Windows Users.

Read more
Running and Imaging with FTK Imager from a flash device

In the process of analyzing a suspicious machine, the first thing we need to do is to actually image the machine we want to investigate. There are different tools available to do this, but the one I most often use is FTK Imager by AccessData. The FTK Imager tool is easy to use and more importantly, there is a free version.

Read more
Change the MAC address of your Linux system

Still today, some network monitoring tools and security systems rely on the MAC address of the host. However, a MAC address is not an authentication mechanism! It can be easily changed. More precisely, by default most operating systems will use the MAC address burnt into the network interface as the source MAC address for all emitted Ethernet frames. But you can easily reconfigure your system to change this behavior. Here is how to do that on a Linux computer.

Read more
Email (in)security

Sending emails relies mainly on SMTP, the Simple Mail Transfert Protocol. This protocol is actually quite old: the first traces date back from the 70's, and the first standardisation took place in 1982 (RFC 821). It is primarily a very simple and insecure protocol, although multiple additional protocols have developed to protect emails and avoid SPAM. In this blog post we review these different protection mechanisms.

Read more
Setting up a watering hole attack with metasploit

In recent years we have witnessed multiple organised attacks against countries and companies using malicious code that was distributed via a legitimate website. These types of attacks are called "watering hole attacks" as they target well known and used websites and compromising them. You could compare this to dumping poison or other dangerous chemicals in a pond or well, where your intentions are to target any and all that use that source. One of the more famous such attacks was the CCleaner Watering Hole attack, which used the well-known tool CCleaner to distribute its malicious code.

Read more
Simulate user activity with the GHOSTS framework: Client set-up and Timelines

In part I of our look into the GHOSTS framework, we managed to set up the GHOSTS servers on our computer and connect a simple Windows VM, running the client code, to the GHOSTS API server. The next step is to configure properly our Windows Client to simulate the activity of a real user. To do that we will set up multiple programs and tools that can be run automatically and define their behaviour.

Read more
Simulate user activity with the GHOSTS framework : Introduction

When we want to test some detection algorithm we are developing, or we want to prepare a nice in-depth exercise for our students, we need to set up an ecosystem that closely resembles that of the real world. This can lead to some difficulties as in a real network we have multiple users, each with the own computer, surfing the net, working with files, or typing commands and sending requests to the network's centralized server. It could pose a big challenge to model this if we don't have a group of people available who we can task with sitting behind a computer and clicking on their mouse every so often to simulate real computer behaviour. There are tools available that help automate that, but in most cases they can be quite rudimentary.

Read more
Man-In-The-Middle (MITM) with arpspoof

In this post we show how to easily perform a L2 man-in-the-middle attack using arpspoof on a standard Ubuntu computer...

Read more
Mobile Device Security Training

On Wednesday 15 April 2020, we are organizing a special training session dedicated to Mobile Devices Security.

Read more
Stealthy website scanning thanks to archive.org

Scanning a website is an important step of the reconnaissance phase. Different tools, like BlackWidow, can automate the process. We present here another tool that allows to scan a website without leaving traces on the target servers : waybackurls.

Read more
Find secret API token in Android application

In May 2019, Google announced there are 2.5 billion active Android devices. Thereby, most companies develop their own application. Not only the richest companies like Google, Facebook, Amazon,... but also a lot of smaller businesses.

Read more
Information gathering with BlackWidow

BlackWidow is a python script that automatically crawls a website to gather information like phone numbers, email addresses, form URL's etc. Very useful during the reconnaissance phase!

Read more