Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures

In your emails, getting your hashes  Capturing NetNTLM hashes from network communications is nothing new; a quick Google for 'Capture NTLM Hashes' throws up blog posts discussing the various ways to force SMB communications to an attacker and the numerous existing tools to capture the authentication attempt and extract the password hash. Sniffing SMB traffic requires elevated permissions … Continue reading Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures

Using SharePoint as a Phishing Platform

Introduction The rise of endpoint protection and the use of mobile operating systems has created additional challenges when targeting corporate users with phishing payloads designed to execute code on their endpoint device. Credential capture campaigns offer an alternative chance to leverage remote working solutions such as VPNs or Desktop Gateways in order to gain access … Continue reading Using SharePoint as a Phishing Platform

CloudWatch: Amazon Web Services & Shellshock

Introduction As more of our services move to rented virtual servers, applying centralised protective monitoring becomes more of a challenge. Offerings such as Assuria’s Cloud Security Suite and Splunk’s Storm show the demand for elastic and easily configurable monitoring that can be deployed on cloud provisioned infrastructure. Amazon has responded to these services by creating … Continue reading CloudWatch: Amazon Web Services & Shellshock