• Skip to main content
  • Skip to footer

Andrew Roderos

Networking and Security

  • Blog
  • Resources
    • Book List
    • Freebies
  • About
  • Contact

Security

Attacking Cisco IOS device

01/31/2022 by Andrew Roderos Leave a Comment

Attacking Cisco IOS Device

Cisco IOS-related CVEs get announced consistently, but we will not be exploring any of those in this article. I will, however, demonstrate that attacking a Cisco IOS device is possible with SNMP misconfiguration. If interested, I covered another attack on a Cisco IOS device running HSRP here. I included this exercise on our Paradise Lost: Red Team versus Blue Team event during our CyberFest 2021. Unfortunately, only the blue team members touched this node. The red team focused on …

[Read more...] about Attacking Cisco IOS device

Kaos Corp: Cayenne

12/17/2021 by Andrew Roderos Leave a Comment

cayenne

In the previous article, we found the ransomware key, and now we are on the hunt for the Windows AD domain controller to decrypt the research data, which also contains the flag. In this article, we will concentrate on the host named Cayenne. Discovery Since we already performed host discovery, we do not need to do it again. However, we need to figure out which ones are Windows-based hosts out of the three left. The quickest way to figure out if a host is running Windows is by …

[Read more...] about Kaos Corp: Cayenne

Exploiting PrintNightmare

07/11/2021 by Andrew Roderos Leave a Comment

I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, of the organizations, have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to me to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …

[Read more...] about Exploiting PrintNightmare

Kaos Corp: Habanero

06/17/2021 by Andrew Roderos Leave a Comment

As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a DNS name of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology …

[Read more...] about Kaos Corp: Habanero

Defending against SSH brute force attacks

01/11/2021 by Andrew Roderos Leave a Comment

Defending against SSH brute force attacks

I was a victim of SSH brute force attacks, which I covered here. As a result, I discovered a great solution without using SSH keys. As another layer of security, I added two-factor authentication to my server. A few years ago, I wondered if there was a solution in Cisco IOS. I discovered a security feature called login enhancements or login block. Let's look at how it can help defend from SSH brute force attacks by enabling this feature. What is login block? It is a Cisco …

[Read more...] about Defending against SSH brute force attacks

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Footer

WANT TO REACH ME?

Let’s talk!

CONTACT ME

Copyright © 2019–2022 · Andrew Roderos · All Rights Reserved · Privacy Policy · Terms of Use