NetsPWN: Assessment Services

Breaking Out! of Applications Deployed via Terminal Services, Citrix, and Kiosks

Scott Sutherland

May 22, 2013

The goal of this blog is to provide a simple process for testing common breakout scenarios related to applications published via Kiosks, Terminal Services, and Citirx using manual techniques and free tool kits. This should be useful to penetration testers and system administrators alike.
READ POST

NetsPWN: Assessment Services

Patching Java Executables – The Easy Way

Khai Tran

May 16, 2013

The process of patching a Java executable (.jar files) without the original source code has been known for a while. As I know of, currently there are two ways of doing it: Decompile the executable > Import …
READ POST

NetsPWN: Assessment Services

Adding PowerShell to Web Shells to get Database Access

Antti Rantasaari

April 22, 2013

File upload vulnerabilities and web shells are not a novelty when talking about web application security. It’s not rare to see a web shell result in a full compromise of the web server. For example, Metasploit can generate uploadable web …
READ POST

NetsPWN: Assessment Services

GPU Cracking: Setting up a Server

Eric Gruber

April 15, 2013

Last week Karl Fosaaen described the various trials and tribulations we went through at a hardware level in building a dedicated GPU cracking server. This week I will be doing a complete walkthrough for installing all the software that we use on our box. This includes installing the operating system , AMD drivers, oclHashcat-plus, and John the Ripper with OpenCL support.
READ POST

Compliance

Why does one QSA pass me and another would not?

Steve Kerns

April 11, 2013

A question came up about a PCI audit that was performed for one of our customers. They just finished their PCI audit and passed. I am now working with them on a new software application and there is a vulnerability …
READ POST

NetsPWN: Assessment Services

GPU Cracking: Building the Box

Karl Fosaaen

April 7, 2013

This winter, we decided to create our own dedicated GPU cracking solution to use for our assessments. It was quite the process, but we now have a fully functional hash cracking machine that tears through NTLMs at roughly 25 billion hashes per second (See below). While attempting to build this, we learned a lot about pushing the limits of consumer-grade hardware.
READ POST

NetsPWN: Assessment Services

Certificate Pinning in a Mobile Application

Steve Kerns

April 1, 2013

Many times during our mobile application penetration testing, we are finding the applications are vulnerable to man-in-the-middle attacks (MITM). Certificate pinning is one part of the answer to MITM attacks in a mobile application. For those who do not know …
READ POST