I am back to my favorite security research: How to abuse certificates in a Windows / Active Directory environment! If an Active Directory integrated certification authority sign a certificate with a custom Subject Alternative Name of your choosing, you can impersonate any administrator in an AD forest. I've published two blog posts about how to … Continue reading Rogue Certificate Challenge: No Hardware Tokens, No Linux, Just a Web Server with Certificate Mapping.
How can you read files encrypted with Windows's Encrypting File System if you neither have access to the owner's encryption certificate and key and nor that of a legit data recovery agent (DRA) ... but if you are a local administrator? This work is still inspired by the hackthebox machine Helpline. You were able to … Continue reading Injecting an EFS Recovery Agent – and Let the Virus Scanner Help You!
Another great machine has been retired on hackthebox.eu - Helpline by @egre55! Here is my 'silly' unintended way to root the box: You can get both the encrypted user and root flag via the cumbersome web RCE alone - if you wait for a legit user to just look at the file. This is unlikely … Continue reading Helpline @ hackthebox: Injecting an EFS Recovery Agent to Read Encrypted Files
Why I am not afraid of the AI / Big Data / Cloud powered robot apocalypse. SQL order injection means to run custom SQL queries through web interfaces because the input to the intended query is not sanitized, like appending the infamous ' OR '1'='1 to a user name or search term. It is 2nd … Continue reading Unintended 2nd Order SQL Injection
You know you have become a dinosaur when you keep using outdated terminology. Everybody else uses the new buzz word, but you just find it odd. But someday it will creep also into your active vocabulary. Then I will use the tag cyber something, like stating that I work with cyber-physical systems. But am I … Continue reading Cyber Something
I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind - in a bad way? Solution: Go find an online platform that will put your mind in a different state. Go hacking on hackthebox.eu. I have been hacking … Continue reading Hacking
I have clicked on company websites of social media acquaintances, and something is not right: Slight errors in formatting, encoding errors for special German characters. Then I notice that some of the pages contain links to other websites that advertize products in a spammy way. However, the links to the spammy sites are embedded in … Continue reading The Orphaned Internet Domain Risk
I planned to read something about history this summer. Then I picked the history of hacking. My favorite was Kevin Mitnick's autobiography - the very definition of a page-turner. The book is free of hardcore technical jargon and written for geeks and lay audience alike. Readers are introduced to the spirit of a hacker in … Continue reading When I Did Social Engineering without Recognizing It
I like to play with phones. 5 years ago my cell phone decided it wanted to play on its own. It did participate in a TV voting - so the provider said and the itemized bill proved. This was for a music show I wouldn't even watch if somebody paid me for doing so. The … Continue reading 5 Years Anniversary: When My Phone Got Hacked
An e-mail discussion related to my recent post on IT security has motivated me to ponder about issues with Public Key Infrastructure once more. So I attempt - most likely in vain - to merge a pop-sci introduction to certificates with sort of an attachment to said e-mail discussion. So this post might be opaque … Continue reading The Strange World of Public Key Infrastructure and Certificates
This is in praise of Peter Gutmann's book draft Engineering Security, and the title is inspired by his talk Everything You Never Wanted to Know about PKI but were Forced to Find Out. Chances are high that any non-geek reader is already intimidated by the acronym PKI - sharing the links above on LinkedIn I have been … Continue reading What I Never Wanted to Know about Security but Found Extremely Entertaining to Read