I really put pressure on myself this year to try and live up to my own “R is for Red Team” Cybersecurity ABCs advice... :)

Well, it’s that time of year again and somehow between the crazy Q4 consulting work as a Principal Security Consultant, a new baby on the way, the holidays, and time with my family, I was able to squeak out another annual HHC by SANS. Like always, the team at Counter Hack blew me away with the creativity of the story and the challenges. I don’t know how they continue to outdo themselves year after year! This time they had Blockchain, Proxmark, mini-games, Splunk, Redis, hash collisions, CAN-bus vehicle hacking, regex, JavaScript, AppSec, and encryption, to name a few.


From my Children’s Book, “B is for Blue Team”

UPDATE: The founder of 1Password responded to this blog after it was posted and explained that the majority of password managers out there leverage Mozilla’s Public Suffix List (PSL) to determine how the domain is to be treated. He looked and saw that Auth0 was not on the list for whatever reason, so it seems likely some of these password managers do actually take subdomains into consideration, as long as they’re on the PSL. It seems to me an attacker setting up a phishing campaign would want to check the PSL first to determine if this type of attack would…
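To make the PSL point above concrete, here is an added example (not code from the original post, 1Password, or any password manager) of the Public Suffix List matching algorithm and the "same site" test a PSL-aware password manager would apply before offering a saved credential. The rule set embedded below is a constructed excerpt in PSL syntax, not the real list; the hostnames (`tenant-a.auth0.com`, `victim.github.io`, and so on) are hypothetical. It assumes the manager keys autofill on the registrable domain (public suffix plus one label), which is the behaviour the update describes.

```python
"""
Minimal Public Suffix List (PSL) matcher, added as an illustration.

Shows why two subdomains of a parent that is NOT on the PSL share a
registrable domain (so autofill would fire on both), while two subdomains
of a parent that IS listed (github.io style) are treated as separate sites.

PSL_RULES is a CONSTRUCTED excerpt using real PSL syntax; the real list lives
at https://publicsuffix.org/list/public_suffix_list.dat and should be used in
practice. 'auth0.com' is deliberately absent, mirroring what the update
above reports; 'github.io' is present as the contrasting case.
"""

PSL_RULES = """
// ===BEGIN ICANN DOMAINS===
com
co.uk
uk
*.ck
!www.ck
// ===BEGIN PRIVATE DOMAINS===
github.io
""".splitlines()


def parse_rules(lines):
    """Strip '//' comments and blank lines; rules are case-insensitive."""
    rules = []
    for line in lines:
        line = line.split("//")[0].strip()
        if line:
            rules.append(line.lower())
    return rules


RULES = parse_rules(PSL_RULES)


def _rule_matches(rule_labels, domain_labels):
    """Right-to-left label comparison; '*' matches exactly one label."""
    if len(rule_labels) > len(domain_labels):
        return False
    for r, d in zip(reversed(rule_labels), reversed(domain_labels)):
        if r != "*" and r != d:
            return False
    return True


def public_suffix(domain, rules=RULES):
    """Apply the PSL algorithm: exception rule wins, else the longest match,
    else the implicit '*' rule (the bare TLD)."""
    labels = domain.lower().strip(".").split(".")
    matches = []
    for rule in rules:
        exception = rule.startswith("!")
        rule_labels = rule.lstrip("!").split(".")
        if _rule_matches(rule_labels, labels):
            matches.append((exception, rule_labels))
    if not matches:
        prevailing = ["*"]
    else:
        exceptions = [m[1] for m in matches if m[0]]
        if exceptions:
            prevailing = exceptions[0][1:]  # drop the leftmost label
        else:
            prevailing = max(matches, key=lambda m: len(m[1]))[1]
    return ".".join(labels[-len(prevailing):])


def registrable_domain(domain, rules=RULES):
    """eTLD+1: public suffix plus one label, or None if the domain is
    itself a public suffix (e.g. 'com' or 'github.io')."""
    labels = domain.lower().strip(".").split(".")
    n = public_suffix(domain, rules).count(".") + 1
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def same_site(a, b, rules=RULES):
    """The check a PSL-aware password manager would make before autofilling
    a credential saved for host `a` on host `b`."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb


if __name__ == "__main__":
    # Hypothetical hostnames for illustration only.
    pairs = [
        ("tenant-a.auth0.com", "tenant-b.auth0.com"),
        ("victim.github.io", "attacker.github.io"),
        ("accounts.example.co.uk", "mail.example.co.uk"),
    ]
    for a, b in pairs:
        print(f"{a:24} {b:24} registrable={registrable_domain(a)!r:22} "
              f"same_site={same_site(a, b)}")
```

Run it and the first pair reports `same_site=True`: with `auth0.com` absent from the list, both tenants collapse to the registrable domain `auth0.com`, so a manager keyed on eTLD+1 would offer one tenant's credential on the other's login page. The `github.io` pair reports `False` because the listed suffix makes each user site its own registrable domain. Before relying on this, fetch the current list rather than this excerpt, since entries change.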


Intro

What do you get when you combine Google Images, QR Codes, and Remote Command Execution? This silly project of mine I’d like to share with you all, of course! Building on my security research from my last couple of blogs, I decided to take my work on using dynamic web content to proxy traffic over third-party image providers and try to find a valid bi-directional method for sending data between a NAT’d client and a public server. Alternatively put, I wanted to see if I could build my own crude Command and Control (C2) framework from scratch which…


Intro

On the heels of my last blog when I discovered how to prevent all of my phishing emails from landing on any blacklists, I realized that sometimes Gmail, Microsoft 365, and possibly other email providers will mark an email as suspicious simply because an embedded tracking pixel doesn’t really reference an image at all. What if there was a way to reference a real image but also pass parameters through to a back-end? What if you could use trusted third party image hosting services at places like Google and Imgur to relay information across? …


An Effective Technique for Avoiding Blacklists

I promised myself I would never do another phishing blog out of respect for the roughly five hundred fifty billion infosec articles already out there on the same subject. It turns out I’m a big ol’ liar. While working on my PhishAPI framework during a phishing engagement for a client, I believe I stumbled upon something significant I wanted to share with the community. At least, it is for me and greatly improves my success rate as a red team security consultant, and there should be a good lesson here for blue teams as…


“TrstdXploitz” by “L33terman6000”

I’ve been wanting to perform an experiment for some time now and finally got around to it. I present to you what I think is a unique spin on an old idea, a new type of honeypot. Follow along as I explain the adventure that unfolded, including personal threats, Distributed Denial of Service attacks, the Dark Web, and some shocking statistics! Warning: Some egos were likely harmed during the making of this blog.

As a Security Consultant, I’m always advising my clients during web application security assessments to review third party code before merging it in with…


Intro

I previously wrote in another blog last year about the responsibilities companies have to protect their users when it comes to vulnerabilities and not just their own assets. Although not a continuation of that specific topic, I felt compelled to write this post due to the string of recent events and blame shifting I’ve seen in the news with Disney+, Ring, Nest, and so many others. It typically goes like this: There’s a breaking news headline about hackers breaching a service and gaining access to customer accounts. Shortly after, the company denies any such event and instead blames its…


My Holiday Hack Challenge Report


Update: I received an Honorable Mention! Thanks SANS! Also, I realized after reading other people’s reports that I completed a few of these objectives in unconventional ways. Specifically, The Holiday Trail, Reverse Engineering Encryption, and the SQLi Student Portal one. See the other amazing reports out there for these to see how they’re actually supposed to be completed. :)

Hello! I wanted to share my results from this past year’s Holiday Hack Challenge (HHC), put on by the SANS (CounterHack/NetWars) folks. Ed Skoudis is my flippin’ hero! I don’t know how, but they’ve somehow outdone…


Intro

I wanted to share an interesting behavior I discovered with Microsoft Office documents using a fully patched Windows 10 operating system and an up-to-date local installation of MS Office 365. I’ve been doing a lot of development work on my phishing tool lately, PhishAPI, and more or less stumbled across this new technique. I have reported it to Microsoft.

I’m writing this blog post in order to hopefully shed some light on the risk this issue introduces and to assist with white-hat phishing techniques. Most savvy users know better than to disable “Protected View” mode when opening their remote Office…



Update: Since publishing this blog, I’ve been made aware of securitytxt.org, which is ironically exactly what I had in mind here. Although, I still think a Burp parser would be super awesome for someone to add some day so I’ll keep the original blog for now below. :)

“What’s all the hubbub, bub?”

In this blog I’d like to talk to you about hunting bugs in your environment. After all, a large part of proactive security is all about finding and eliminating bugs before your adversary can leverage them against you. It’s not a point-in-time task, it’s a constant battle due to new issues which…

Curtis Brazzell

Passionate geek for Information/Cyber Security! I’m always learning and am happy to contribute anything I can share with the community. Follow me @ Twitter!
