GoSecure Blog

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Topics: tool, password, pentest

How I Indexed the Darknet and Pastebin During My First University Internship

[Ed: And all I got is this lousy t-shirt]

This blog is the outcome of my 4 months of internship at GoSecure. This research internship was goal oriented and I had to pick from 5 different research projects. I selected a topic I knew little about in order to challenge myself: crawling and indexing data. Here, I will describe two internal projects that we have developed to gather all kinds of interesting and valuable data. The first project aimed at gathering data on .onion sites—known as the Darknet—while the second one focused on gathering data from sites like Pastebin, GitHub’s gists and Dumpz. Besides this blog, Olivier Bilodeau and I will present these two projects at an academic law enforcement conference later in June.


Topics: Research, darknet, tool, leaks, pentest

VMware Horizon (V4H/V4PA) desktop agent privilege escalation vulnerability (CVE-2017-4946)

The story of a privileged handle...

Context

As virtualization technology continues to become the corporate standard, the popularity of Virtual Desktop Infrastructure (VDI) in large enterprises has been increasing. These automated environments can provision desktops and applications from the internal and external network on top of virtualization technology without an IT administrator’s input. There are many components involved in a VDI infrastructure, but one specifically caught our attention on a customer mandate back in September 2017: the Windows "vmwagent.exe".

On this particular mandate, we had to escape the VDI environment with developer access and without local administrative access. The customer had done a great job at image hardening; services, applications and operating systems were well configured and patched, with up-to-date antivirus software, behavior monitoring, and strong passwords. Faced with this situation, we decided to perform a quick look around with the popular Process Explorer from the

Topics: vulnerability, windows, enterprise, exploitation, pentest, privilege-escalation
