We didn’t start the Fire[HOL]

FireHOL is one of those programs that has been out there for a long time, but I never got into using it. In contrast, I was always relying on IPTABLES and many times locked myself out of my servers because I forgot to include SSH in the rules. Since I started testing FireHOL I have reduced my need for IPTABLES and even improved my IPTABLES understanding. Why? FireHOL is an IPTABLES configuration generator, i.e. an extremely simplified way to create IPTABLES chains. *Some of the examples explained below were taken directly from the FireHOL documentation pages, so the credit goes to the FireHOL team. […]

DNS Beacon through DNSMasq Redirectors

Dnsmasq is a lightweight utility that provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. Dnsmasq accepts DNS queries and either answers them from a small local cache or forwards them to a real, recursive DNS server. When performing red team operations it is important to have a large arsenal at your disposal which can be used according to the scenario, objectives and versatility needed. One of the tools that can be used is DNSMasq.

Cobalt Strike Beacon

The DNS beacon offered by Cobalt Strike is a great way to smuggle communications in and out of strict […]

Project Caligo

Those who know me know that I like physical assessments and using devices such as Raspberry Pi's, ODROID and others. This is also apparent from the development of the WarBerryPi. Even during the development of the WarBerryPi it was always a mess managing multiple devices for multiple clients at the same time. This led to the idea of creating a centralized management panel, which I am going to call a C2, although it certainly does not have the functionality of a complete Command & Control tool. This was the genesis of Project Caligo, with 2 goals in mind. Keep […]

WarBerryPi’s last walk

So earlier this week I decided that after 3.5 years I should probably stop the development of the WarBerryPi. The rationale behind this was fairly simple: lack of time to maintain it and lack of imagination for new features. This was not an easy decision, because the WarBerryPi was liked by the infosec community, it was my first major development and a big learning experience. Further to this, the WarBerryPi was my wagon to fulfil some of my dreams, namely speaking at Black Hat not once but 3 times and at other great conferences where I met amazing people. The WarBerryPi was voted #4 […]

Extracting firmware from a Winbond SPI EEPROM

I got my hands on a new used router and I was curious to see what was on the firmware. This was also a good opportunity to learn a bit more about hardware hacking and play with my Bus Pirates. Feel free to correct any of my mistakes, as I consider myself a newbie with capital letters when it comes to hardware hacking. So the first step was opening the router and identifying what I was up against. This was a Winbond 25Q128JVFQ serial flash memory. With the help of Google I found its datasheet here. The most important […]

MacOS – WiFi Pineapple Internet sharing

The WiFi Pineapple is a nice little tool from Hak5 which assists in wireless network assessments. It has many functionalities that I will not cover in this post, as I usually only use it during the recon phase of a project because I like the web interface and the ease of setting up SSID/client filtering, logging and reporting. My usual setup is to have it connected to my Kali NetHunter and use the Internet or data connection of the mobile device to provide Internet access to the Pineapple Nano. When it comes to setting it up for a laptop […]

Card cloning/emulating with the Chameleon Mini

The Chameleon Mini is a smartcard emulator working at 13.56 MHz, which is HF, and it has 8 virtual card slots of 8KB per slot. In the HF space we often find hotel cards, Mifare cards, iClass etc. DISCLAIMER: Obtaining access to areas that you are not authorised to enter is illegal! As it is a very small piece of hardware it is convenient to carry while traveling and to test out hotel key cards. I can't see myself using this in a professional environment (i.e. physical security assessments), but it appeals more to the hobby side of things. I've had the […]

Incapacitating Windows Defender

Dan Tentler, aka @viss, is definitely one of the people that I make sure I follow on Twitter, because he is a fun guy and he knows his stuff. Hak5 recently did a couple of episodes with @viss where he showed a couple of tricks. Nothing too major and nothing foolproof, but they can still come in handy in certain environments. The idea behind this approach is that if we have a defending team monitoring that Defender is running on all endpoints as expected, we can slip right through the cracks by removing all the signatures that Defender relies upon […]

Introducing A.R.M.A

If you have been following me over the past couple of years you will know that I have been testing various devices that can be used as network implants. Some of them came with their pros and their cons, but ultimately I couldn't find exactly what I was looking for. The requirements I had came from the limitations I saw when actively testing the devices in the field. At the end of the day, you get one shot to plug a rogue device into a network and cannot risk that with preconfigured scripts and hardware failing on you. My requirements were […]

WarBerryPi – The Revival

So we are releasing a new version of the WarBerryPi, going from version 5.1c straight to version 6. We decided to skip all the in-betweens as this is a complete code overhaul, including the new and updated reporting module. If you don't care about my ramblings, just scroll to the end to get the link to the repo.

Background info

Before going into the WarBerryPi specifics I want to give you a bit of background on how this project started and where it has gotten me, with the hope of helping people who feel that their stuff is not […]