I am back to my favorite security research: How to abuse certificates in a Windows / Active Directory environment! If an Active Directory integrated certification authority sign a certificate with a custom Subject Alternative Name of your choosing, you can impersonate any administrator in an AD forest. I’ve published two blog posts about how to…
Tag: Security
Injecting an EFS Recovery Agent – and Let the Virus Scanner Help You!
How can you read files encrypted with Windows’s Encrypting File System if you neither have access to the owner’s encryption certificate and key and nor that of a legit data recovery agent (DRA) … but if you are a local administrator? This work is still inspired by the hackthebox machine Helpline. You were able to…
Helpline @ hackthebox: Injecting an EFS Recovery Agent to Read Encrypted Files
Another great machine has been retired on hackthebox.eu – Helpline by @egre55! Here is my ‘silly’ unintended way to root the box: You can get both the encrypted user and root flag via the cumbersome web RCE alone – if you wait for a legit user to just look at the file. This is unlikely…
Unintended 2nd Order SQL Injection
Why I am not afraid of the AI / Big Data / Cloud powered robot apocalypse. SQL order injection means to run custom SQL queries through web interfaces because the input to the intended query is not sanitized, like appending the infamous ‘ OR ‘1’=’1 to a user name or search term. It is 2nd…
Cyber Something
You know you have become a dinosaur when you keep using outdated terminology. Everybody else uses the new buzz word, but you just find it odd. But someday it will creep also into your active vocabulary. Then I will use the tag cyber something, like stating that I work with cyber-physical systems. But am I…
Hacking
I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind – in a bad way? Solution: Go find an online platform that will put your mind in a different state. Go hacking on hackthebox.eu. I have been hacking…
The Orphaned Internet Domain Risk
I have clicked on company websites of social media acquaintances, and something is not right: Slight errors in formatting, encoding errors for special German characters. Then I notice that some of the pages contain links to other websites that advertize products in a spammy way. However, the links to the spammy sites are embedded in…
When I Did Social Engineering without Recognizing It
I planned to read something about history this summer. Then I picked the history of hacking. My favorite was Kevin Mitnick’s autobiography – the very definition of a page-turner. The book is free of hardcore technical jargon and written for geeks and lay audience alike. Readers are introduced to the spirit of a hacker in…
5 Years Anniversary: When My Phone Got Hacked
I like to play with phones. 5 years ago my cell phone decided it wanted to play on its own. It did participate in a TV voting – so the provider said and the itemized bill proved. This was for a music show I wouldn’t even watch if somebody paid me for doing so. The…
The Strange World of Public Key Infrastructure and Certificates
An e-mail discussion related to my recent post on IT security has motivated me to ponder about issues with Public Key Infrastructure once more. So I attempt – most likely in vain – to merge a pop-sci introduction to certificates with sort of an attachment to said e-mail discussion. So this post might be opaque…
What I Never Wanted to Know about Security but Found Extremely Entertaining to Read
This is in praise of Peter Gutmann‘s book draft Engineering Security, and the title is inspired by his talk Everything You Never Wanted to Know about PKI but were Forced to Find Out. Chances are high that any non-geek reader is already intimidated by the acronym PKI – sharing the links above on LinkedIn I have been…
elkemental Force 