Showing posts from March, 2009

Welcome to Mark Baggett - In Depth Defense

I am the course author of SANS SEC573 Automating Information Security with Python. Check back frequently for updated tools and articles related to course material.




No exploit Metasploit usage - VNC and Keylogging

OK. I admit it. I use Metasploit at work. Of course, I have permission to use it as a penetration testing tool, but I find it to be very useful in other circumstances as well. I often use the PSEXEC "exploit" to provide username and password to fully patched machines for administrative purposes. For example, it has come in handy when the standard remote access tools have been removed and there is a remote machine that the support center is unable to access. They, rightly so, have figured out that if the security team can get in to their machines without usernames and passwords, it should be pretty easy for them to help recover a managed machine with known usernames and passwords. One option to troubleshoot the broken admin software is to remotely (and temporarily) install VNC on the stranded host. I used to connect to the remote c$ with administrator credentials, copy up VNC, import the required registry keys, start the server, fix the problem, clean up the regis

Metasploit adds new keylogger and Mac payloads

Metasploit added some pretty interesting payloads to its arsenal this week. First, Meterpreter (the only payload you'll ever need) added a keylogger. Plus, they have added some cool payloads for the Mac. There is a set of iSight payloads that will snap a picture from the iSight camera (bind_tcp, reverse_tcp, etc). This payload is a part of the "bundle inject" payloads, which are documented in the Mac OS X Hacker's Handbook. This looks like it could be the beginning of a Meterpreter-like pluggable payload for OS X. Charles Miller, winner of the new Macintosh Powerbooks at both the 2008 and 2009 Pwn2Own contests, is coauthor of the payloads along with Dino Dai Zovi. That is definitely a book I will be adding to my library. Here is a recent presentation with some interesting information on the payloads.

SANS 504 - Hacking Techniques, Exploits and Incident Response Augusta, GA

I'm going to mentor another SANS 504 session this fall. Hacking Techniques, Exploits and Incident Response is one of my favorite SANS classes. This is my third mentor session and my second time running 504. Last year SANS gave me the Mentor of the Year award, so they are giving me some additional flexibility in the mentor format. This time we are running a modified mentor format. We will have 13 more hours of class time than the normal mentor session. That's more time for covering the materials and doing exercises. If you're interested, get full details and sign up here. Greater Augusta ISSA members, contact me for a very special discount code.