
Month: May 2014

File Server Triage on Red Team Engagements

Note: this topic was cross-posted on the official Veris Group blog.

One common activity performed during red team assessments is data pilfering from compromised servers, particularly file servers. These systems can host an incredible amount of useful information and often the very target data you’re after. However, triaging a machine with literally millions of files can be an incredibly time-consuming process. Examining innumerable files, folders, and shares is how some red teams break in their new members over a span of days, weeks, and months. This post will cover a few techniques to hopefully help you find what you’re looking for when…
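As an added illustration of the triage problem described above (this is example code written for this page, not code from the original post or from Veris Group), the script below ranks files on a share so that a tester reads the few hundred most promising paths first instead of millions. The extension weights, keyword list, noise-directory names and size cut-off are all assumptions chosen for the example; the sample directory tree it walks is constructed in a temporary folder so the script runs offline.

```python
"""Added example, not from the original post: score and rank files on a share.

Every weight, extension list and keyword below is an assumption made for this
example; tune them to the environment and the engagement's target data.
"""
import os
import tempfile
from pathlib import Path

# Extensions that frequently carry secrets or configuration (assumed weights).
HIGH_VALUE_EXT = {".kdbx": 10, ".pfx": 10, ".p12": 10, ".pem": 8, ".key": 8,
                  ".config": 6, ".ini": 5, ".ps1": 5, ".bat": 4, ".vbs": 4,
                  ".xlsx": 3, ".docx": 2, ".txt": 1}
# Extensions that are almost always noise when hunting for data (assumed list).
NOISE_EXT = {".jpg", ".png", ".gif", ".mp3", ".mp4", ".dll", ".exe", ".iso", ".tmp"}
# Substrings in a path that deserve an early look (assumed list, no overlaps so
# a single hit is never counted twice).
KEYWORDS = {"passw": 8, "cred": 6, "secret": 6, "backup": 3, "admin": 3,
            "vpn": 3, "unattend": 5, "sysprep": 5}
# Directories never worth descending into (assumed list).
SKIP_DIRS = {"$recycle.bin", "node_modules"}


def score_path(rel_path):
    """Return a triage score for a share-relative path; higher means look sooner."""
    p = Path(rel_path)
    ext = p.suffix.lower()
    if ext in NOISE_EXT:
        return 0
    score = HIGH_VALUE_EXT.get(ext, 0)
    lowered = str(p).lower()
    for word, weight in KEYWORDS.items():
        if word in lowered:
            score += weight
    return score


def triage(root, max_size=50 * 1024 * 1024):
    """Walk root and return [(score, relative_path)] sorted best-first.

    Files above max_size are skipped: they are rarely hand-written secrets and
    are expensive to pull back over the wire. Scoring uses the path relative
    to root so the mount point itself never influences the result.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune junk directories in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d.lower() not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if os.path.getsize(full) > max_size:
                    continue
            except OSError:
                continue  # locked, deleted under us, or access denied
            rel = os.path.relpath(full, root)
            s = score_path(rel)
            if s > 0:
                hits.append((s, rel))
    hits.sort(key=lambda t: (-t[0], t[1]))
    return hits


def build_sample_share():
    """Create a small constructed directory tree standing in for a share."""
    root = tempfile.mkdtemp(prefix="share_")
    sample_files = [  # constructed sample data, contents are irrelevant
        "IT/passwords.xlsx",
        "IT/backup/sqlserver.config",
        "Marketing/logo.png",
        "HR/handbook.docx",
        "Deploy/unattend.xml",
        "Deploy/build.ps1",
        "Users/jsmith/Desktop/notes.txt",
    ]
    for rel in sample_files:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"x")
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for score, rel in triage(share)[:10]:
        print(f"{score:3d}  {rel}")
```

On a real engagement you would point `triage()` at a mounted share (or a UNC path on Windows) and only then open the top-ranked files; the scoring deliberately reads no file contents, because content searches across millions of files are exactly the slow step the post warns about, and are better run as a second pass over the short list this produces.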

Pwnstaller 1.0

Edit: a presentation on Pwnstaller 1.0 was given at BSides Boston ’14; the slides are posted here and the video of the talk is here. This topic was also cross-posted on the official Veris Group blog.

Pyinstaller, for those of you who aren’t aware, is a useful program that “converts (packages) Python programs into stand-alone executables”. This is great for the distribution of Python-based projects, as a developer doesn’t have to rely on Python already being installed on a user’s system. A few years ago, the security community started to realize that Pyinstaller could be repurposed to distribute malicious binaries during pentests. Debasish Mandal’s post describes how…