The power of dynamic socket injection: WSUS command execution as [NT AUTHORITY/SYSTEM]
Context
Some time ago we published an important update to Syphoon, featuring the new dynamic socket injection system. In short, this allows using Ruby code to generate content on the fly for context-dependent injections.

Taking things further
To demonstrate the power of dynamic injections, we thought we'd publish a new release of Syphoon, this time including some new scripts. Specifically, two new scripts are provided to attack the Windows Update system (WSUS) when configured to use HTTP.

wsus-inject-cmd
This first script simply allows running commands (through cmd.exe) as 'NT AUTHORITY/SYSTEM' on any client machine requesting WSUS through HTTP. This is...
Pwn harder with dynamic injection in Syphoon 1.4.0
The best socket injection system just got better
Socket injection is big fun for sure. Easily drop XSS-based attacks on victim browsers with a simple regex, inject payloads within SMTP/POP emails, or simply embed raccoon pictures in every web page. However, static strings can only take us so far. There comes a point when we start thinking it would be nice for the string to be a bit more flexible, maybe even dependent on specific conditions for each injection. This is taking us into the realm of dynamic injection.

Introducing dynamic injection
Instead of simply asking Syphoon to insert some...
Network exfiltration via DNS & ICMP with Bonfire
Exfiltration made easy
Need to break out of a tight network? Skip the headaches and mount a TCP tunnel over DNS or ICMP with Bonfire. Flexible, reliable and efficient, Bonfire allows transparently forwarding connections from one host through another with ease. A single portable binary offers both client and server functionality. Even better, Bonfire runs equally well across Windows and Linux operating systems. Elevated privileges are not even required most of the time. The best part? It's free and fully open-source. Go get it today!
Defend your infrastructure with Artio
How secure are your networks?
Artio shines a new light on your network to reveal things no other solution can see. Built on our experience with network intrusion, this next-level detection system can identify threats previously kept under the radar.

Detect NAC bypass, ghosting, MAC cloning, poisoning and more
Artio is the first commercially-available solution to detect Ethernet ghosting / NAC bypass. Artio also detects network scans, partial ghosting / MAC theft, poisoning / MITM (Man-In-The-Middle) and more.

Simple integration
Artio is packaged as a standard 19" rack-mount unit (1U), with a short depth of only 230mm (including power connector). Detection...
The new Skunk is here!
Your favorite switch just got even better
The Skunk gets a new version for 2022! Still providing the same features you know and love, the software remains the same but the hardware has had some visible changes. Probably the most obvious is the move from the classic green soldermask to a fresh purple. Some changes are not just cosmetic though: the physical footprint has been reduced quite a bit. From 84x75 mm down to 75x61 mm, the Skunk just got a 27% size reduction. It now takes even less space in your hacker backpack or toolbox. This becomes pretty obvious when...