Breakpoint-labs

5 Ways We Get on Your Network: Relaying SMB Credentials

Posted on February 1st, 2017

Once your on an internal network your next thought maybe how can I man in the middle (MITM) systems on the network? OR How can I identify vulnerabilities in what appears to be a fully patched environment across systems? One way that often works while performing an internal pentest is to intercept broadcast protocols like […]

5 Ways We Get on Your Network: Multicast Name Resolution Poisoning

Posted on October 31st, 2016

We find that a majority of the time internal networks allow for credentials to be passed between systems via name resolution traffic such as the Link-Local Multicast Name Resolution (LLMNR) and Netbios Name (NBT-NS) services. By listening, intercepting and manipulating name resolution traffic an attacker can redirect authentication traffic to the attacker’s machine in a […]

5 Ways We Get On Your Network: Web App Vulnerabilities

Posted on October 24th, 2016

Web applications are a natural occurrence in almost every engagement. This is the case on both internal and external networks of just about every company or organization. Sometimes they are kept separate from the rest of the network, sometimes they are everywhere, and sometimes they are hidden or forgotten (even from the people who run […]

5 Ways We Get On Your Network: Phishing

Posted on October 19th, 2016

From penetration testing to real world attacks, Phishing remains to be an extremely effective way to establish a foothold into a target organization. This blog post is a follow-on to “5 Ways We Get On Your Network” with a closer look at Phishing and it’s various techniques. Phishing is essentially sending a malicious email to […]

5 Ways We Get On Your Network

Posted on October 14th, 2016

This will be the first blog post in a series designed to demonstrate how we commonly establish a foothold into a target network. Each blog post will dive into one of these common techniques at a deeper level, showing some practical application and defenses. The goal of this series is to help educate those who […]

Image

Tracking Domains w/o Blowing Up Your SIEM

Posted on October 5th, 2016

A common practice in SOCs is to periodically resolve known hostile domains to identify changes in adversarial infrastructure. There are a variety of approaches to help you track hostile infrastructure but your mileage may vary. If your monitoring capabilities are tuned to look for specific domains, you may end up adding a significant number of […]