Skip to main content

Posts

Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames

Summary  The research for this post was done sometime in January of 2022, I was diagnosed with Cancer in February of 2022, and have been struggling to find to the time to finally post it. Much of it was written in chunks, so hopefully it makes sense. In this post I will talk about what led me down the path of researching the security of IoT digital picture frames. My research on these picture frames and supporting mobile application led to the creation of four CVE’s. The vulnerabilities I discovered allowed me to access client information, clear-text credentials, bypass authentication and access controls of the frames. Merry Christmas Mimi! During our annual brainstorming of Christmas gift ideas for my wife’s elderly grandmother, we thought a digital picture frame would be perfect. Mimi is 94 years old, and lives in a local nursing home. Covid has made it difficult for family to visit her and for her to leave the home as much as she used to. We decided to look for a picture frame that
Recent posts

Cracking password hashes on the cheap: How to rent online GPU resources for Hashcat

  Summary  In this post I will talk about how to make password cracking accessible to people who don't want to make the investment in video cards and GPU hardware resources. This post will mostly be a tutorial, geared toward people who are in a pinch and need to quickly standup a powerful hashcat environment. The problem that led me down this path I was recently working on an issue that required me to recover the password of a zip file. The zip file was created programmatically by a utility; which I had to the source code for. This meant I had the character set used and a fixed password length. I decided to fire up hashcat on my Mac Book Pro with my AMD Radeon Pro 560X. To my surprise, I was greeted with the error below; Against the advice of the error message, I used the --force syntax to override the error. This yielded no usable results, it ended up making hashcat unstable and produced some false positives (I thought I had cracked the hash quickly). After trying the to borrow s

Bypassing Windows Defender Antivirus in Windows Server 2016/2019

Summary In this post I will discuss a  Windows Defender Antivirus  bypass I discovered and reported to Microsoft on May 26th 2020. The bypass affects the current versions of Windows Defender deployed with Windows Server 2016/2019, where the Web Server role is installed. This post focuses on the road I took to get to the bypass as well, so for the TL;DR go to " Bypassing Windows Defender Antivirus 2016 using automatic exclusions"  section. Setting the stage I recently worked on a penetration test for an asp.net application. The setup was pretty standard for a small asp.net application, it was deployed in amazon AWS with a web tier and database tier. The web tier, where the application lived was configured on a Windows 2016 server with the Web Server role installed. This asp.net application integrated with a much larger suite of applications deployed in the same amazon AWS environment (14 other windows servers).  Below i've generated some screenshots from some test systems