Red Team

Securing communications with STUNNEL

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. What STUNNEL basically does is that it turns any insecure TCP port into a secure encrypted port using OpenSSL package for cryptography. STUNNEL is very simple as it will accept a non-secure connection, add TLS encryption and send it to a remote host. This may come in use in scenarios where we have a hope which for any reason does not support TLS but our backend does. In order to protect at least the data in transit between […]

Read more

We didn’t start the Fire[HOL]

FireHOL is one of those programs that have been out there but never got into using it. In contrast I was always relying on IPTABLES and many times locking myself out of my servers because I forgot to include SSH in the rules. Since I started testing FireHOL out I reduced the need for IPTABLES or even improved on my IPTABLES understanding. Why? FireHOL is an IPTABLES configuration generator i.e an extremely simplified way to create IPTABLES chains. *Some of the examples explained below were taken directly from the FireHOL documentation pages so the credit goes to the FireHOL team. […]

Read more

DNS Beacon through DNSMasq Redirectors

Dnsmasq is a lightweight utility that provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. When performing red team operations it is important to have a large arsenal in your disposal which can be used according to the scenario, objectives and versatility needed. One of the tools that can be useed is DNSMasq. Cobalt Strike Beacon The DNS beacon offered by Cobalt Strike is a great way to smuggle communications in and out strict […]

Read more