USB Rubber Ducky – Part 2: Attack of the HID

Background The USB Rubber Ducky was introduced in our previous post “The Return of USB Auto-Run Attacks“.  This is the first of many follow-ups, that introduce new attack scenarios and the increase in functionality, that really makes this tiny device a big part of the hearts of penetration testers. Brute-force attacks…

Magstripes Revisited | Access Control – Part 1 | InteliSecure

Background You would think in this day and age that everyone would be using RFID for access control on their buildings / environment. You’ll be surprised that magstripes are still quite commonly in use. But unlike hotels (at least the reputable chains I’ve stayed at, I’ve always held onto the keycard and then analysed the keycard back at the office) which appear to encrypt their data, the access control mechanism…

The Return of USB “Auto-Run” Attacks

Background USB Autorun attacks became the rage back in 2005.  Hak5 created a project to increase awareness of this security issue called USB-Hacksaw, originally a U3 device that would auto-run a series of programs.  This could be used from general system administration tasks, or potential malicious tasks; such as installing back-doors and running password collection programs.  Shortly, Vendors like Microsoft started to remove Auto-run capabilities to prevent more serious malware…

Domain Password Audits | InteliSecure

Background With Anti-Virus technology continuing to block auditing/hacking tools like pwdump/fgdump, the ability to audit passwords on a domain is starting to increase in difficultly.  In a series of recent audits it has been challenging to extract the domain hashes, and upon using familiar common tools like pwdump the Windows Security Accounts Manager (SAM); surprisingly only reveals two accounts, where we would expect a long list of domain hashes. Example Output: Administrator:500:3CED43EE2B6F79553F211111D2509C89:2A39F8C2138329F953111D035C1E99AB::: Guest:501:C5C111117DB4E3E7C1E86A266265BCA9:F6B11111D3531AA18821F8B087AE2610::: These…