NAC-bypass (802.1x) or Beagle in the Middle

When a customer tells me they have NAC implemented, I tell them they shouldn’t trust it: it is only a deterrent, or at best it slows down someone who is determined to infiltrate the network. Most of the time customers believe you and simply give you access to the network without the NAC hassle, or you circumvent it via the printer or a flawed port configuration. Sometimes, though, the customer wants you to show them… Usually because their network admin told them it was impossible for an attacker to access the network, even with physical access to workstations ...

Passive Parameter Reflection Scanner

Whenever I test a website for security holes, one of the vulnerabilities I look for is XSS. Everyone knows XSS, and most scanners pick up the easy ones. Because scanners don’t always find every XSS bug, I go hunting manually, of course. The workflow goes something like this:

  1. Browse through history looking for parameters
  2. See one I like and search through response for said parameter
  3. If it’s reflected, you can start trying; otherwise you have to start at step 1 again.
  4. Rinse and repeat.

As you can see this takes some time and it would be easier ...

Stealing KeePass(words) with Vivisect

This blog post simply documents the cool 'homework' assignment by @m0n0sapiens for his Reversing with Python workshop at BruCON 0x05, so all credit goes to him and his original PyDbg version. It took some time to get the Vivisect library to play ball on my Windows 7 64-bit VM, but after that it was all straightforward, with the Vivisect library handling things like parsing the arguments and the stored return address in the hook callback.