Resources

In this short blog post, I would like to show you how easy it is to backdoor Apache HTTP server running on the Linux platform by using malicious Apache module with rootkit functionality. In the 2nd part of this post I want to focus on detection steps of how to use OSquery to catch suspicious activities and 'connect the attack dots' together at scale.

Read now

The proof of concept code for using FreeIPA-LDAP instance as a central storage for your binary, malicious payload or just stolen data. During an APT campaign or pentest, there is a scenario where two endpoint devices can't talk directly to each other. However and because both devices are members of FreeIPA-based Linux Domain Controller Environment, they both can connect to the same LDAP ports (389/636/TCP), where the possibility exists to upload and download base64 encoded data from/to well-known LDAP attribute names. Now, what is even more surprising, there is pretty much no attribute length restriction in use, which means we can use ex. 'gecos' attribute as an unlimited storage space to send/upload data and bypass FW/IDS/IPS protection.

Read more

Penetration testers like using mind maps and other brainstorming stuff which help them conducting high-quality offensive security services. Because the overall complexity of OS software security is more and more sophisticated, I have prepared a map to systematize it. I hope you will find it as a valuable tip.

Read now

Read now