Wow. So the last post here is now getting OLD.
I’ve let the blog get stale for a long time, but I think it’s time to get it back to life.
Over the past year I’ve bought an old 4X4 and started enjoying off-road driving. Who would have thought that I, who was once afraid of sleeping outside my own house, would enjoy spending 3 nights in the middle of the Negev desert, away from all civilization? Apparently these things happen to the best of us. Hopefully I’ll be able to incorporate some of my hobbies into the blog as well and keep it interesting.
Here’s to a new beginning!
TL;DR – I passed the OSCP exam and had lots of fun doing it.
The Offensive Security Certified Professional (OSCP) certification is well known in the security industry as a really tough certification. Unlike many certifications that rely on memorization and rote learning, the OSCP is awarded after a hands-on exam that forces the exam taker to demonstrate his knowledge through action.
I will try here to give a brief overview of the path I took towards this certification and share some of my thoughts about it.
With more and more high-profile attacks, and rising customer expectations with regard to their privacy, Information Security studies, in various formats, are becoming a very lucrative field these days. For those of us already working in the field it may seem like either a good development, bringing fresh blood into the system, or a bad one, with the field overcrowding with so-called “experts” who have a shinier diploma but zero experience.
There is one aspect, however, that I think most of us can agree on: too many courses are just bad. There may be many reasons for that, but I want to focus on the one that I find most common – teaching too much stuff in too little time.
As I have explained earlier, I’ve had to write a crude password stealer as part of an information security course.
The right approach would have been to write the entire thing myself, with the hash dump and the SMTP login coupled within my program. This, however, would take quite a lot of time, and between work, studies and my life, I was not in the right mood to write it myself. Thus I found myself looking at the available tools of the trade and how to use them.
I decided to do it with two very simple command-line tools. One is PwDump, a program that simply dumps your Windows password hashes. The other is blat, which despite its funny name (to us Russian speakers) is a very useful tool – it allows you to send files from the CLI via SMTP. If you don’t see why you would need it, clearly you’ve never worked as a system administrator.
As part of the information security course I’m taking in college I’ve had to steal a user’s OS password and mail it to me.
I decided not to write much code of my own and instead used pwdump to generate a password dump, and then blat to mail it to myself.
I wrote an app that launches in a hidden console window, then downloads the main stealer app, which in turn downloads pwdump and blat and runs them in succession.
The dropper then deletes all the files it generated.
In order to hide my app, I injected it with inpect into a mahjong game installer. I did not implement any type of fuzzing to avoid AV, as it was not in our scope. But it wouldn’t have been hard.
The file to download is part of this post, but is password protected. I will post sources in a later post.