Using SSL Certificates for Red Team Payloads

SSL certificates can carry extended data fields, which can be useful for transmitting information.

Phishing with Evilginx2

Introduction Evilginx 2 is this super cool proxy framework that helps hardworking red teamers do phishing with ease. Gone are the days when you would have to painstakingly hand-craft a website to look exactly like the target site. The diagram below shows where Evilginx sits: it transparently proxies the connection between the user and the legitimate site, so that both the user and the site believe they are talking directly to each other....

July 10, 2023 · 1397 words · 7 min

Using RASP to look for evil in Java programs

Introduction Welcome to Part 2, the follow-up to my previous post on loading a Java class in Tomcat. A possible way to stop this kind of attack would be to dynamically instrument the JVM so that unknown classes are either prevented from loading or flagged to the SOC team. This mechanism is also known as Runtime Application Self-Protection, or RASP. What is RASP? RASP hooks into an application and actively monitors the program flow at runtime....

Dynamically loading Java implant from a remote source to Tomcat

Introduction I had a situation where I could perform JNDI injection into a Tomcat server, leading to RCE. While off-the-shelf solutions such as this GitHub repo could work and invoke system commands, I wanted to take advantage of this unique vulnerability and push harder to create a unique implant that could live in Tomcat’s memory for opsec and stealth purposes, and make the blue team work a little harder....