In the previous article, we found the ransomware key, and now we are on the hunt for the Windows AD domain controller to decrypt the research data, which also contains the flag. In this article, we will concentrate on the host named Cayenne. Discovery Since we already performed host discovery, we do not need to do it again. However, we need to figure out which ones are Windows-based hosts out of the three left. The quickest way to figure out if a host is running Windows is by …
Security
Exploiting PrintNightmare
I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, of the organizations, have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to me to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …
Kaos Corp: Habanero
As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a DNS name of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology …
Defending against SSH brute force attacks
I was a victim of SSH brute force attacks, which I covered here. As a result, I discovered a great solution without using SSH keys. As another layer of security, I added two-factor authentication to my server. A few years ago, I wondered if there was a solution in Cisco IOS. I discovered a security feature called login enhancements or login block. Let's look at how it can help defend from SSH brute force attacks by enabling this feature. What is login block? It is a Cisco …
[Read more...] about Defending against SSH brute force attacks
Securing Cisco IOS passwords
Over the years, Cisco has made improvements in storing passwords in the configuration file. As a result, securing Cisco IOS passwords is part of my checklist when hardening Cisco-based network infrastructure for clients. This article also appeared on Art of Network Engineering. History Cisco IOS has always had the option to store passwords in cleartext in the configuration file. As you and I both know, storing passwords in the configuration file is a big no-no. That said, …