Ever wanted to run multiple VPNs at the same time from the same device? Route a client down a different VPN at a boundary linux router? Introduction Linux has a wealth of networking capabilities, to the degree that it can operate as quite a powerful router, just without the hardware acceleration you get with a […]
Multiple VPN tunnel selection using policy routing Read More »
Over the weekend I enabled DNSSec on this site and blogged about it [1]. Today Lets Encrypt renewed the certificate on the Origin Server via DNS-01 – its setup uses CNAMEs to allow internal devices to get public certs, described in an earlier blog post [2]. The certificate renewal failed. Considering it has worked since
Lets Encrypt Failure – It was DNS(ish) – a conspiracy of coincidences Read More »
DNSSec is a technology that adds a layer of protection so that domain names and websites like this one are more resistant to being hijacked by a spoofed domain. In this case it provides an additional layer of authentication to allow a DNS resolver to prove that the answers it got are valid and not
DNSSec All The Things – An Easy (and free) Way Read More »
During a recent red team engagement, we came across several useful artefacts after compromising an IT helpdesk user account. One of particular interest contained a list of useful sites, including a well-known password generator site. This is one of a class of sites that generate a password by selecting a number, say 4, random words
Three Random Words – An adventure in passphrase cracking Read More »
Several months ago, whilst on a client engagement, I identified a number of zerodays in an enterprise asset management application called EasyInstall. This gave me, among other things, elevation of privilege on managed assets, a wealth of information for recon, and – most interestingly – unauthenticated remote secure wipe of any asset. The blog on
Vulnerabilities in EasyInstall asset management Read More »
As an adversary it is useful to establish a base of operations from within the target network that is not controlled by the target organisation. This avoids the need to circumvent various EDR/AV solutions that could not only block our actions, but worse, expose us to the target. Homeworking solutions can offer malicious insiders a
Insiders, Homeworking and Split-VPN Read More »
For the first blog on this new site I wanted to talk about a simple technique to get LetsEncrypt certificates for internal devices (those not exposed to incoming Internet connections). Some may ask why do this – isn’t it exposing information about your internal network to the outside world. Well, yes. However, I want to
Lets Encrypt Inside Read More »