Welcome to my guide on dynamic binary instrumentation (DBI). In this article, we’re going to learn about the evolution of general binary analysis methods and how to perform some common routines used by security researchers. DBI is a powerful way to gain visibility into, modify the behavior of, and fuzz closed-source binaries without having to recompile them or alter the original code on disk. In fact, there are use cases where engineers have optimized code performance by using instrumentation. If you’ve ever heard of “hot patching” or “function hooking”, that is the same mechanism DBI relies on, applied at runtime across an entire process.

After reading this article, you should be able to:

  • Understand the common methodologies for binary analysis and their…


This week I’ve had the pleasure of dealing with lots of wireless (WLAN) de-authentication attacks on my wireless APs (WAPs) with attempts to crack my WPA2 key. The reason why I found it quite enjoyable was because it gave me an excuse to implement 802.1X WLAN security using my new toys. 802.1X authentication greatly increases your security posture over shared secrets when deployed correctly.

In particular, I purchased Ubiquiti UDM-PRO and UAP-PRO-AC products to replace my toaster of a pfSense box and other WAPs. There’s certainly lots of room for privacy and security improvement in the products, but the simple interfaces gave me some analytics that helped me come up with a mini A/B test troll experiment for the would-be “script kiddie” knocking down my wireless network. …


In this article, we’re going to learn how to use COM objects and PowerShell in Windows to execute shell commands, along with a couple of techniques for evading some endpoint security controls. Specifically, what you should get out of this is:

  • Learn what COM objects are
  • Enumerate COM objects in Windows
  • How to call COM objects through .NET-compatible wrappers around the Windows API
  • Learn how to create your own simple encryption and decryption routines for evasion

Disclaimer: Please do not utilize anything you learn in this article for unauthorized or illegal purposes.

What are COM Objects?

COM stands for Component Object Model, a Windows technology introduced in the early 1990s as a means for developers to expose and reuse code locally on a system as well as across networks, in which case the term becomes DCOM, or Distributed COM. COM objects accessible from user space expose application programming interfaces (APIs) implemented in dynamic link libraries (DLLs) or executables that are registered with Windows (under the registry’s HKEY_CLASSES_ROOT\CLSID hive) and loaded into the calling process on demand. As you might imagine, it didn’t take penetration testers and malware authors long to make use of COM after its debut. …
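The three steps the article lists (enumerate the registered COM classes, instantiate one through PowerShell’s .NET interop, and keep the command string encrypted until the moment it is used) as one added example. This is not the article’s own code: it assumes a standard Windows host where the WScript.Shell class is registered, and the AES key and IV are constructed inline purely for the demo.

```powershell
# Added example (not the article's code): enumerate COM classes from the registry,
# then use one of them to run a command whose text is stored AES-encrypted.

# 1. Enumerate COM objects. Every registered class has a key under HKCR\CLSID;
#    the ProgID subkey holds the friendly name and InprocServer32 the implementing DLL.
function Get-ComObjectInventory {
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $progId = (Get-ItemProperty -Path "$($_.PSPath)\ProgID" -ErrorAction SilentlyContinue).'(default)'
            $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if ($progId) {
                [PSCustomObject]@{ CLSID = $_.PSChildName; ProgID = $progId; Server = $server }
            }
        }
}

# 2. Simple symmetric encryption/decryption of a command string (AES-256-CBC via .NET).
#    Key and IV are constructed for this example only; a real tool would obtain them
#    from somewhere that is not inside the script.
function Protect-String {
    param([string]$Plaintext, [byte[]]$Key, [byte[]]$IV)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key; $aes.IV = $IV
    $bytes  = [System.Text.Encoding]::UTF8.GetBytes($Plaintext)
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($bytes, 0, $bytes.Length)
    $aes.Dispose()
    return [Convert]::ToBase64String($cipher)
}

function Unprotect-String {
    param([string]$CipherBase64, [byte[]]$Key, [byte[]]$IV)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key; $aes.IV = $IV
    $cipher = [Convert]::FromBase64String($CipherBase64)
    $plain  = $aes.CreateDecryptor().TransformFinalBlock($cipher, 0, $cipher.Length)
    $aes.Dispose()
    return [System.Text.Encoding]::UTF8.GetString($plain)
}

# 3. Run the command through a COM object instead of Start-Process / Invoke-Expression.
#    WScript.Shell.Run(strCommand, intWindowStyle, bWaitOnReturn) returns the exit code.
function Invoke-ViaComShell {
    param([string]$CipherBase64, [byte[]]$Key, [byte[]]$IV)
    $command = Unprotect-String -CipherBase64 $CipherBase64 -Key $Key -IV $IV
    $shell   = New-Object -ComObject 'WScript.Shell'
    return $shell.Run($command, 0, $true)   # 0 = hidden window, wait for exit
}

# --- demo ---
$inventory = Get-ComObjectInventory
"Registered COM classes with a ProgID: $($inventory.Count)"
$inventory | Where-Object { $_.ProgID -like 'WScript.*' -or $_.ProgID -like 'Shell.*' } | Format-Table -AutoSize

$key  = [byte[]](1..32)   # constructed 256-bit key for the demo
$iv   = [byte[]](1..16)   # constructed 128-bit IV for the demo
$blob = Protect-String -Plaintext 'cmd.exe /c whoami > %TEMP%\com-demo.txt' -Key $key -IV $iv
"Stored ciphertext: $blob"
$exit = Invoke-ViaComShell -CipherBase64 $blob -Key $key -IV $iv
"Exit code: $exit"
Get-Content "$env:TEMP\com-demo.txt"
```

A caveat worth keeping in mind when you test this against endpoint tooling: encrypting the string only hides the command from static inspection of the script. The decrypted command is never executed as a PowerShell script block, so it does not appear in a script block log entry by itself, but the COM call still spawns cmd.exe as a child of powershell.exe, and process-creation telemetry (Sysmon, EDR) records that parent/child pair and the full command line. Defenders can look for exactly that tree.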


Welcome to Part 2 of our three-part series on our journey to the GIAC Security Expert (GSE) certification. If you’re looking for Part 1 or wish to learn more about how we set up Google Cloud Compute VPS and Colab Jupyter Notebooks, please use this link. In this guide we’re going to focus on a few tools and use cases that defending analysts aren’t always familiar with because they are normally seen in penetration testing engagements.

In the GSE, you will be tested on GCIH foundations, which include basic tool usage. You don’t have to master every single tool, but you should be able to run each one in its basic form and identify the artifacts it leaves behind. According to the official GSE documentation, Kali 2018.1 will be used. This is very important to remember as you prepare your practice environment, because there are huge changes in the rolling releases from 2018 to today’s 2020 image: both the tool versions and their locations differ drastically. …


I’ve decided to write a guide on my journey towards getting the GIAC Security Expert (GSE). This guide is focused on those who are also planning on obtaining their GSE and/or are in the middle of studying for the qualifier exam or the labs now.

Even if this does not apply to you, there are loads of high-quality tips for command line and scripting considerations for your daily security administration.

This is a three-part series. Part 1 is about my prep for the qualifier exam and hands-on prep work for the labs, which includes:

  • Setting up free Google Cloud VPS and Colab Jupyter Notebook environments for scripting and Linux-based tools for hands-on…


All over the web there are terms like “fake news”; the security world’s equivalent is “false flags”. What are the Cyber Threat Intelligence (CTI) programs that now exist in almost every Fortune 100 company doing about it today?

After all, there’s tons of information in the form of paid and OSINT feeds out there that enrich and add value to any indicators cyber security defenders may see in their own networks. …


It’s not every day that you get a phone call at 2 AM asking for a breach response job. Let alone one that we would later discover originated from not just any insider threat, but a rogue security professional insider threat. In this article I will walk you through what happened in this incident, the indicators of compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and the strategies involved with detecting and responding to a rogue cyber insider.

The article will be a blend of technical details and strategic oversight guidance in tandem with our story. After the details and story, you will find strategic mind maps and other thoughts on combating this type of threat. We created this article largely because everyone has mentioned insider threats at some point, but no one has really addressed any specific scenarios in which the actor was one of their own defenders. …


Introduction

I’ve decided to take a moment to reflect on who and what were beneficial to me during my journey to become a cyber security professional. In this brief guide, I go over security expertise requirements, best practices, and recommendations for individuals looking to transition into security professionals. This is also a useful pocket guide for recruiters in selecting talented candidates and weeding out less than credible or incompetent professionals diluting our field. We’re going to cover:

  • Briefly comparing backgrounds
  • Prerequisite knowledge
  • Understanding just how large the security profession is
  • Examining the security foundations, credentials, experience, and trends
  • Setting realistic salary expectations
  • Spotting good candidates and recruiters for long-term…


In this article, we’ll go over some example C code that is Windows x86-compatible and analyze the resulting binaries using Ghidra, to help you write or improve upon your shellcode creation skills by crafting the payload first. The practical applications of malware analysis and reverse engineering can help penetration testers improve their evasion techniques and achieve command execution on Windows targets without relying on Linux (or ported) tools. We’ll examine samples using native Windows libraries and compilers, a C-based shell payload, and a Metasploit (MSFvenom) payload for Windows. Are you ready? Let’s dive right in!

Disclaimer: The methods, code examples, and techniques mentioned throughout this article are for educational purposes only. All code or compiled binaries are provided ‘as is’ with no express warranty. …


This technical article will teach you how to pre-process data, create your own neural networks, and train and evaluate models using the US-CERT’s simulated insider threat dataset. …

About

Dennis Chow

Director of Penetration Testing | USAF Veteran
