News RSS
The power of dynamic socket injection: WSUS command execution as [NT AUTHORITY/SYSTEM]
Context Some time ago we published an important update to Syphoon, featuring the new dynamic socket injection system. In short, this allows using Ruby code to generate content on the fly for context-dependent injections. Taking things further To demonstrate the power of dynamic injections, we thought we'd publish a new release of Syphoon, this time including some new scripts. Specifically, two new scripts are provided to attack the Windows Update system (WSUS) when configured to use HTTP. wsus-inject-cmd This first script simply allows running commands (through cmd.exe) as 'NT AUTHORITY/SYSTEM' on any client machine requesting WSUS through HTTP. This is...
Pwn harder with dynamic injection in Syphoon 1.4.0
The best socket injection system just got better Socket injection is big fun for sure. Easily drop XSS-based attacks on victim browsers with a simple regex, inject payloads within SMTP/POP emails, or simply embed raccoon pictures in every web page. However, static strings can only take us so far. There comes a point when we start thinking it would be nice for the string to be a bit more flexible, maybe even dependent on specific conditions for each injection. This is taking us into the realm of dynamic injection. Introducing dynamic injection Instead of simply asking Syphoon to insert some...
A new USB injection tool
USB injection is such a pleasure: find an open session, plug in, loot. Operational constraints can make it difficult though: not knowing the keyboard layout of the victim for example. Whenever flexibility is key, our signature injector Azban is able to deploy payloads on virtually any OS and keyboard layout combination. However to achieve this Azban requires the victim workstation to be connected to the Internet. While this is not an issue in many cases, there are situations where an offline injection is actually required, such as tightly-restricted corporate network environments. Thus, a new solution presents itself in the form...
Stickers!
Show off some Ringtail We have combined our best logos and illustrations onto a single sticker sheet. Cover your laptop, phone, shoes, pet rock or whatever in these beautiful, detailed and highly resistant stickers. The actual size of the sheet itself is 152 mm x 102 mm. Get your stickers today!
New Ringtail X Happyraccoons hoodie
Ringtail X Happyraccoons Continuing our work with independent artist @Happyraccoons, we bring you this next item of awesome merch. Discover this beautiful Ritual hoodie featuring a full-scale illustration on the back. Stay tuned and sign up for the newsletter to get all the updates! If you are not yet familiar with @Happyraccoons, we recommend you check out their work.
Tags
- All
- 3D print
- azban
- Basilisk
- Birb
- Bundesfeiertag
- bypass
- case
- defend
- delivery
- detect
- embedded
- enclosure
- ethernet
- gigabit
- injection
- inspection
- lan
- merch
- microcontroller
- migration
- mitm
- NAC
- Nautilus
- netsplit
- network
- packet
- payload
- pentest
- PoE
- radio
- replay
- SDK
- shell
- shop
- Skunk
- sniff
- Sparkplug
- Swiss day
- Syphoon
- transition
- TTL232
- UART
- usb
- web
- wifi
- Windows
- wireless
- WSUS