Author: BenHeise

RallySec MVP

Here at RallySecurity we appreciate folks who are working hard, creating resources, and sharing with the community to help improve security and drive understanding of the technologies that we all use or are affected by. Lots of us read http://adsecurity.org, attend his conference talks or watch the videos of them, or receive mentorship and advice from Sean Metcalf. For his work in the field, we’d like to award him the first ever RallySec MVP. We only wish we could do more to thank Sean for all his hard work. Sean is one of about 100 people in the world who hold the elite Microsoft Certified Master (MCM) Directory Services certification, and he assisted Microsoft in developing the MCM Directory Services certification program for Windows Server 2012. He has provided Active Directory and security expertise to government, corporate, and educational entities since Active Directory was released. His company, Trimarc Security, provides security consulting services to customers with large Active Directory environments, and he regularly posts useful Active Directory security information on his blog, ADSecurity.org. Follow him on Twitter...


SpecterOps Adversary Tactics course review

I recently had the opportunity to attend the first public offering of the SpecterOps Adversary Tactics: Red Team Operations course. This excellent, from-scratch training took participants through several modern Tactics, Techniques, and Procedures (TTPs) and demonstrated the countermeasures and detections for each.


RallySec Episode19 – Oscaron & PWC & Uber Autonomous vehicles

Episode 19 MP3 | Youtube | Twitch.TV | Twitter | Facebook | iTunes | Stitcher

Story Title: CVE-2016-8655 – Linux local root exploit
Synopsis/Talking points: What are Linux namespaces? What are Linux capabilities?
References: http://seclists.org/oss-sec/2016/q4/607

Danny’s Stuff

Story Title: PWC RCE Cease and Desist
Synopsis/Talking points: PWC are a bunch of douchebags
References: PWC threatens to sue security firm for disclosing embarrassing, dangerous defects in its software http://seclists.org/fulldisclosure/2016/Dec/33
An update to this: “if you want to test if your SAP system is vuln – since PwC still haven't told their clients – check for ABAP ZACE8M. pic.twitter.com/UR8sQ5IsP2” — Kevin Beaumont (@GossiTheDog) December 12, 2016

Story Title: ShadowBrokers are still at it
Synopsis/Talking points: Since their big auction failed, and then their second sale failed, they are trying to sell the tools off individually for anywhere from ~$800 to $80,000 (depending on the price of BTC)
References: https://medium.com/@CleetusBocefus/are-the-shadow-brokers-selling-nsa-tools-on-zeronet-6c335891d62a

Story Title: Uber Says ‘FU’ To DMV, Rolls Out Self-Driving Cars Without Approval
Synopsis/Talking points: Starting today, random Uber passengers ride in an automated car. While 20 manufacturers have obtained permits to test automated cars, Uber has not. There are already problems.
References: http://sfist.com/2016/12/14/uber_says_fu_to_dmv_rolls_out_self-.php https://www.bloomberg.com/news/articles/2016-12-14/uber-rolls-out-self-driving-cars-in-san-francisco-without-dmv-approval...
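The namespace and capability questions above are the crux of why CVE-2016-8655 was exploitable by an ordinary local user: the bug is in AF_PACKET socket handling, opening an AF_PACKET socket requires CAP_NET_RAW, and the creator of an unprivileged user namespace holds every capability inside that namespace. The following is an added example, not code from the RallySec page or from the advisory: it decodes the capability masks a process carries (from /proc/self/status) and probes, by forking and calling unshare(CLONE_NEWUSER), whether this user can pick up CAP_NET_RAW just by creating a user namespace. The capability numbers and CLONE_NEWUSER value are the kernel's own; everything else (function names, the probe's exit-code convention) is this example's design.

```python
"""Added example, not taken from the RallySec page or the CVE-2016-8655
advisory: decode Linux capability masks and probe whether an unprivileged
user namespace hands this user CAP_NET_RAW."""
import ctypes
import os
import re
import sys

CLONE_NEWUSER = 0x10000000  # from linux/sched.h

# Capability numbers from linux/capability.h.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE", 24: "CAP_SYS_RESOURCE",
    25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG", 27: "CAP_MKNOD",
    28: "CAP_LEASE", 29: "CAP_AUDIT_WRITE", 30: "CAP_AUDIT_CONTROL",
    31: "CAP_SETFCAP", 32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN",
    34: "CAP_SYSLOG", 35: "CAP_WAKE_ALARM", 36: "CAP_BLOCK_SUSPEND",
    37: "CAP_AUDIT_READ",
}
CAP_NET_RAW = 13


def parse_cap_eff(status_text):
    """Effective capability mask from /proc/<pid>/status text, or None if
    there is no CapEff line."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    return int(m.group(1), 16) if m else None


def has_cap(mask, capno):
    return bool(mask >> capno & 1)


def cap_names(mask):
    """Decode a capability mask into names; unknown bits are named by number."""
    names, bit = [], 0
    while mask >> bit:
        if mask >> bit & 1:
            names.append(CAP_NAMES.get(bit, "CAP_%d" % bit))
        bit += 1
    return names


def current_caps():
    with open("/proc/self/status") as fh:
        return parse_cap_eff(fh.read())


def unprivileged_userns_grants_net_raw():
    """Fork, unshare(CLONE_NEWUSER) in the child, and report whether the
    child ended up with CAP_NET_RAW. True/False means the probe ran; None
    means it could not (non-Linux host, or unshare refused because
    unprivileged user namespaces are disabled by sysctl, seccomp or a
    container policy). Exit codes 0/1/2 are this example's own convention."""
    if not sys.platform.startswith("linux"):
        return None
    pid = os.fork()
    if pid == 0:  # child: never returns to the caller
        try:
            libc = ctypes.CDLL(None, use_errno=True)
            if libc.unshare(CLONE_NEWUSER) != 0:
                os._exit(2)
            caps = current_caps()
            os._exit(0 if caps is not None and has_cap(caps, CAP_NET_RAW) else 1)
        except Exception:
            os._exit(2)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1
    return {0: True, 1: False}.get(code)


if __name__ == "__main__":
    print("effective caps now:", cap_names(current_caps() or 0))
    print("unprivileged user namespace grants CAP_NET_RAW:",
          unprivileged_userns_grants_net_raw())
```

Run it as the user you care about: True means an unprivileged AF_PACKET socket was one unshare() away on this box, which is the precondition the 2016 exploit relied on; None usually means the distribution or container runtime already blocks unprivileged user namespaces, which was the stop-gap mitigation many shops used before patching.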


RallySec Episode18 – LiveOverflow & Infosec education

Episode 18 MP3 | Youtube | Twitch.TV | Twitter | Facebook | iTunes | Stitcher

Guest Interview:
- Tell us about yourself, LiveOverflow?
- How did you (LO) get your start in infosec?
- How did you get started in CTFs?
- (Each co-host's background/story/history)
- (LO) If there is time, I’d really like to hear your opinions and experiences with respect to infosec education. How it helps or does not help in your area of the industry for jobs, personal development, etc.
  Is formal education useful? Did you do a general CS degree or a specialised security degree?
  Any training taken at e.g. conferences?
  How about certifications? CISSP, Network+, CEH, OSCP, …
  Did you learn from books? Blogs? Forums? IRC? Local meetings/hackerspaces?
  Ever played CTFs/wargames?
  How do you stay up to date or learn new skills, especially now that you are not a beginner anymore? Any secret tip?
- Upcoming CTFs (CCDC, etc.)
- What is an infosec resource that not many people seem to know of?
- Upcoming conference presentations?

Fun questions:
- What do you do for fun?
- Would you rather fight 100 duck-sized HDMoores, 1 horse-sized HDMoore, or Option C, and...


RallySec Episode17 – TorPwnage & CreditCardChallenge & SFMTA Ransomware

Episode 17 MP3 | Youtube | Twitch.TV | Twitter | Facebook | iTunes | Stitcher

Story Title: Mirai botnet activity detected in Germany
Synopsis/Talking points: The attack exploits SOAP requests sent over the TR-069 protocol that ISPs use to manage DSL modems remotely. The request reconfigures the modem’s NTP servers. The backtick character (`), which the shell treats as command substitution, is not escaped in the NTP server value, so the firmware executes whatever is inside the backticks. This is a command injection vulnerability, and it resulted in thousands of compromised routers. There is already a Metasploit module for it. If port 7547 on your ISP modem/router is reachable from the internet, you may be at risk.
References: https://isc.sans.edu/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759 https://www.exploit-db.com/exploits/40740/

Story Title: Tor got pwned again
Synopsis/Talking points: A vulnerability in Mozilla Firefox was discovered in the wild (ITW) being used to compromise Tor users. According to a user on Hacker News, the exploit is being delivered to visitors of the Tor CP site “giftbox”; it reportedly “got loaded on the confirmation page after logging in”. Some are stating that the exploit payload is roughly similar to the FBI’s payload from its 2013 attacks on Tor users: “The malicious payload it delivers, according to an independent researcher who goes by the Twitter handle @TheWack0lian, is almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site. The FBI ultimately acknowledged responsibility for the exploit, which was embedded in webpages served...
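To make the port-7547 bug concrete, here is an added example (not code from the RallySec page, the ISC diary, or the Metasploit module) that models the injection end to end: a constructed SOAP request carrying a backtick payload in its NTP server field, the vulnerable string-built shell command the firmware would hand to the shell, the hardened form (allow-list validation plus an argv list so no shell is ever involved), and a detector that flags such values in captured traffic. The SOAP action and element names (SetNTPServers, NewNTPServer1) and the `ntpdate` command are assumptions for illustration; real modem firmware differs, and the payload inside the backticks is an inert placeholder.

```python
"""Added example, not from the RallySec page or the referenced advisories:
the TR-069 NTP-server command injection, modelled as vulnerable vs. hardened
handling plus a detector for captured port-7547 requests."""
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample request. Element names are an assumption for
# illustration; the backtick payload is an inert placeholder, not the
# botnet's real dropper.
MALICIOUS_REQUEST = """<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">
      <NewNTPServer1>`cd /tmp;id`</NewNTPServer1>
      <NewNTPServer2></NewNTPServer2>
    </u:SetNTPServers>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""

# Same request with a legitimate value, for comparison.
BENIGN_REQUEST = MALICIOUS_REQUEST.replace("`cd /tmp;id`", "pool.ntp.org")


def extract_ntp_servers(soap_xml):
    """Pull every NewNTPServerN text value out of a SetNTPServers body."""
    root = ET.fromstring(soap_xml)
    values = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if re.fullmatch(r"NewNTPServer\d+", tag):
            values.append(el.text or "")
    return values


def vulnerable_build_command(server):
    """The bug, modelled: the field is concatenated into a shell command
    string. With `...` inside, the shell runs the substitution first.
    Never execute this; it exists to show what the shell would receive."""
    return "ntpdate " + server


def is_safe_ntp_server(value):
    """Allow-list: an IPv4 address or an RFC 1123 hostname, nothing else.
    Backticks, $(...), ';', quotes and whitespace all fail the match."""
    if not value or len(value) > 253:
        return False
    if re.fullmatch(r"[0-9.]+", value):  # dotted digits: must be a real IPv4
        try:
            ipaddress.IPv4Address(value)
            return True
        except ValueError:
            return False
    label = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    return re.fullmatch(rf"{label}(?:\.{label})*\.?", value) is not None


def hardened_build_argv(server):
    """Fixed form: validate first, then build an argv list for exec();
    no shell ever sees the value, so metacharacters have no meaning."""
    if not is_safe_ntp_server(server):
        raise ValueError("rejected NTP server value: %r" % server)
    return ["ntpdate", server]


def detect_injection(soap_xml):
    """Detection helper for captured port-7547 traffic: return every
    non-empty NTP server value that would not pass validation."""
    return [v for v in extract_ntp_servers(soap_xml)
            if v and not is_safe_ntp_server(v)]


if __name__ == "__main__":
    for v in extract_ntp_servers(MALICIOUS_REQUEST):
        print("shell would receive:", repr(vulnerable_build_command(v)))
    print("flagged:", detect_injection(MALICIOUS_REQUEST))
    print("benign flagged:", detect_injection(BENIGN_REQUEST))
```

The detector is deliberately the same allow-list as the fix: anything a correct server could never need is either rejected at the firmware or flagged at the sensor, and the argv form is what removes the shell from the path in the first place.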

