Link to part 2: https://securityshenaningans.medium.com/architecture-of-a-ransomware-2-2-e22d8eb11cee

Over the last couple of months we’ve seen a rise in ransomware-related incidents, mostly due to the increase of remote work because of COVID-19. Nevertheless, not all ransomware works in the same way, and in order to have a better incident response in the event of…


In part 1 (https://securityshenaningans.medium.com/architecture-of-a-ransomware-1-2-1b9fee757fcb) we explained key concepts necessary to understand how efficient ransomware works. In this part, we’ll illustrate a couple of these concepts with some Python code. We’ll also go into basic usage of the pycryptodome Python library for encryption. I won’t be publishing the full source code since…


Link to part 1.

Recap: In part 1 we saw general considerations you should keep in mind in order to start setting up your infrastructure, as well as technical steps to set up your domain with SPF and DKIM records. In this part we’ll get to a score of 10/10 and…


Link to part 2: https://medium.com/bugbountywriteup/recipe-for-a-successful-phishing-campaign-part-2–2–68552806dcba

Introduction

Phishing attacks are great first-entry vectors with technical details which are frequently overlooked by both white and blackhat hackers.

Having participated in multiple phishing campaigns over the years, both in offensive as well as defensive teams, I’ve learned from trial and error a lot of…


Introduction

In part 1 we compromised an account with multiple permissions, but no Administrator access. We found a potential role that would allow us to escalate privileges, following one of the methods in Rhino Security Labs’ post. Briefly explained, we’ll try to create an instance and attach to it a privileged role at…


Note: Here’s the link to part 2.

Introduction

This is a real case study of how to enumerate and use IAM permissions to your advantage. I strongly suggest you read my previous article on how IAM permissions work. It’s long, but necessary to understand most of the things we did here…


Introduction

When I started getting into AWS pentesting, one of the hardest things to fully understand was IAM. AWS documentation is usually great, but can be extensive, and IAM has a lot of similar terms. …


This is the story of how only two insecure configurations allowed us to take down an entire cloud-hosted company. It was a gray-box pentest for a relatively big client, in which we were tasked with assessing the security of about 5 development endpoints, accessible only using a client…


In part 1 we briefly explained how we got administrator privileges to almost all BMC devices hosting a native OpenStack cloud. In this part we’ll show how we used these to achieve complete compromise.

If you’ve read up on BMC devices, by now you’ll know that they allow you to


Link to part 2

Introduction

In this write-up we’ll see how we were able to combine direct sqlmap connection to a database with BMC/IPMI exploitation to compromise a big cloud-hosted client.

Getting a foothold

A couple of years ago, our team was tasked with performing an infrastructure pentest in an OpenStack network. It…

Security Shenanigans

I’m a security engineer who enjoys writing about experiences in the infosec field. linkedin.com/in/federlago.
