<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Red Team on System Overlord</title><link>https://systemoverlord.com/tags/red-team.html</link><description>Recent content in Red Team on System Overlord</description><generator>Hugo</generator><language>en-us</language><managingEditor>david@systemoverlord.com (David Tomaschik)</managingEditor><webMaster>david@systemoverlord.com (David Tomaschik)</webMaster><lastBuildDate>Tue, 14 Jul 2020 00:00:00 +0000</lastBuildDate><atom:link href="https://systemoverlord.com/tags/red-team/index.xml" rel="self" type="application/rss+xml"/><item><title>Raspberry Pi as a Penetration Testing Implant (Dropbox)</title><link>https://systemoverlord.com/2020/07/14/raspberry-pi-as-a-penetration-testing-implant.html</link><pubDate>Tue, 14 Jul 2020 00:00:00 +0000</pubDate><author>david@systemoverlord.com (David Tomaschik)</author><guid>https://systemoverlord.com/2020/07/14/raspberry-pi-as-a-penetration-testing-implant.html</guid><description>&lt;p&gt;&lt;a href="https://www.amazon.com/Raspberry-Model-2019-Quad-Bluetooth/dp/B07TC2BK1X/ref=as_li_ss_il?cv_ct_cx=raspberry+pi&amp;amp;dchild=1&amp;amp;keywords=raspberry+pi&amp;amp;pd_rd_i=B07TC2BK1X&amp;amp;pd_rd_r=cf3c4a78-81c5-4c9a-921f-9c70bae2796e&amp;amp;pd_rd_w=XB1nE&amp;amp;pd_rd_wg=PG6Eq&amp;amp;pf_rd_p=1da5beeb-8f71-435c-b5c5-3279a6171294&amp;amp;pf_rd_r=6XKT1T3E2254DKNEXTAY&amp;amp;psc=1&amp;amp;qid=1594437202&amp;amp;sr=1-1-70f7c15d-07d8-466a-b325-4be35d7258cc&amp;amp;linkCode=li3&amp;amp;tag=systemovecom-20&amp;amp;linkId=cf0fb5b6f95cfb61bff474270a0b5ea1&amp;amp;language=en_US"&gt;&lt;img src="https://ws-na.amazon-adsystem.com/widgets/q?_encoding=UTF8&amp;amp;ASIN=B07TC2BK1X&amp;amp;Format=_SL250_&amp;amp;ID=AsinImage&amp;amp;MarketPlace=US&amp;amp;ServiceVersion=20070822&amp;amp;WS=1&amp;amp;tag=systemovecom-20&amp;amp;language=en_US" alt="Raspberry Pi 4"&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Sometimes, especially in the time of COVID-19, you can&amp;rsquo;t go onsite for a
penetration test. Or maybe you can only get in briefly on a physical test, and
want to leave behind a dropbox (literally, a box that can be &amp;ldquo;dropped&amp;rdquo; in place
and let the tester leave, no relation to the file-sharing company by the same
name) that you can remotely connect to. Of course, it could also be part of the
desired test itself if incident response testing is in-scope &amp;ndash; can they find
your malicious device?&lt;/p&gt;
&lt;p&gt;In all of these cases, one great option is a small single-board computer, the
best known of which is the &lt;a href="https://amzn.to/3fl8jSn"&gt;Raspberry Pi&lt;/a&gt;. It&amp;rsquo;s
inexpensive, compact, easy to come by, and very flexible. It may not be perfect
in every case, but it gets the job done in a lot of cases.&lt;/p&gt;
&lt;p&gt;I&amp;rsquo;ll use this opportunity to discuss the setups I&amp;rsquo;ve done in the past and the
things I would change when doing it again or alternatives I considered. I hope
some will find this useful. Some familiarity with the Linux command line is
assumed.&lt;/p&gt;</description></item><item><title>So You Want a Red Team Exercise?</title><link>https://systemoverlord.com/2020/04/17/so-you-want-a-red-team-exercise.html</link><pubDate>Fri, 17 Apr 2020 00:00:00 +0000</pubDate><author>david@systemoverlord.com (David Tomaschik)</author><guid>https://systemoverlord.com/2020/04/17/so-you-want-a-red-team-exercise.html</guid><description>&lt;p&gt;I originally wrote this for work, where we get a lot of requests to &amp;ldquo;Red Team&amp;rdquo;
&lt;em&gt;something&lt;/em&gt;. In a lot of these cases, a white box security review or other form
of security testing is more appropriate. Because I&amp;rsquo;d heard through the
grapevine that other Red Teams struggle with the same issues, I wanted to make
it available publicly. Thanks to my management for their support and permission
to take this public!&lt;/p&gt;
&lt;p&gt;If you&amp;rsquo;d like to use or adapt this within your organization, feel free, but
please give credit to the Google Red Team.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;We frequently get requests to perform Red Team engagements on various products &amp;amp;
services around our company. These requests often have misconceptions about the
services our team provides. This document is intended to help those seeking a
Red Team engagement have a better understanding of what we do, how we do it,
why we do it the way we do, and how to engage with us for optimal effectiveness.&lt;/p&gt;</description></item><item><title>Passing Android Traffic through Burp</title><link>https://systemoverlord.com/2014/07/13/passing-android-traffic-through-burp/</link><pubDate>Sun, 13 Jul 2014 20:57:18 +0000</pubDate><author>david@systemoverlord.com (David Tomaschik)</author><guid>https://systemoverlord.com/2014/07/13/passing-android-traffic-through-burp/</guid><description>&lt;p&gt;I wanted to take a look at all HTTP(S) traffic coming from an Android device, even if applications made direct connections without a proxy, so I set up a transparent Burp proxy. I decided to put the Proxy on my Kali VM on my laptop, but didn&amp;rsquo;t want to run an AP on there, so I needed to get the traffic to there.&lt;/p&gt;
&lt;h3 id="network-setup"&gt;Network Setup&lt;/h3&gt;
&lt;p&gt;&lt;img src="https://systemoverlord.com/img/blog/wifitap.png" alt="Network Topology Diagram"&gt;&lt;/p&gt;
&lt;p&gt;The diagram shows that my wireless lab is on a separate subnet from the rest of my network, including my laptop. The lab network is a NAT run by IPTables on the Virtual Router. While I certainly could&amp;rsquo;ve ARP poisoned the connection between the Internet Router and the Virtual Router, or even added a static route, I wanted a cleaner solution that would be easier to enable/disable.&lt;/p&gt;</description></item><item><title>Weekly Reading List for 5/23/14</title><link>https://systemoverlord.com/2014/05/23/weekly-reading-list-for-52314/</link><pubDate>Fri, 23 May 2014 07:00:00 +0000</pubDate><author>david@systemoverlord.com (David Tomaschik)</author><guid>https://systemoverlord.com/2014/05/23/weekly-reading-list-for-52314/</guid><description>&lt;h3&gt;Radare2 Book&lt;/h3&gt;
&lt;p&gt;Maijin on GitHub is in the process of putting together an &lt;a href="https://radare.gitbooks.io/radare2book/"&gt;online book for Radare2&lt;/a&gt;. I&amp;rsquo;ve been looking for a good resource for using Radare2, and this is a great start.&lt;/p&gt;
&lt;h3&gt;Reverse Engineering for Beginners&lt;/h3&gt;
&lt;p&gt;Dennis Yurichev has a &lt;a href="http://yurichev.com/RE-book.html"&gt;free eBook on Reverse Engineering&lt;/a&gt;. I haven&amp;rsquo;t gotten through it yet, but it looks interesting, and you can&amp;rsquo;t beat the price.&lt;/p&gt;
&lt;h3&gt;Hacker Playbook&lt;/h3&gt;
&lt;p&gt;Finally, I finished up &lt;a href="http://www.amazon.com/gp/product/1494932636/ref=as_li_tl?ie=UTF8&amp;amp;camp=1789&amp;amp;creative=390957&amp;amp;creativeASIN=1494932636&amp;amp;linkCode=as2&amp;amp;tag=systemovecom-20"&gt;The Hacker Playbook: Practical Guide To Penetration Testing&lt;/a&gt; this week. You can find &lt;a href="https://systemoverlord.com/2014/05/21/book-review-the-hacker-playbook/"&gt;my full review here&lt;/a&gt;.&lt;/p&gt;</description></item><item><title>Book Review: Red Team Field Manual</title><link>https://systemoverlord.com/2014/05/02/book-review-red-team-field-manual/</link><pubDate>Fri, 02 May 2014 15:24:27 +0000</pubDate><author>david@systemoverlord.com (David Tomaschik)</author><guid>https://systemoverlord.com/2014/05/02/book-review-red-team-field-manual/</guid><description>&lt;p&gt;I recently picked up a copy of the &lt;a href="http://www.amazon.com/gp/product/1494295504/ref=as_li_tl?ie=UTF8&amp;amp;camp=1789&amp;amp;creative=390957&amp;amp;creativeASIN=1494295504&amp;amp;linkCode=as2&amp;amp;tag=systemovecom-20&amp;amp;linkId=VUHBPTAFLWN7MNBT"&gt;Red Team Field Manual&lt;/a&gt; on Amazon after hearing good things from a few people in the industry. It&amp;rsquo;s information dense, basically a concatenation of cheat sheets for everything you&amp;rsquo;d want to do during a pentest. I&amp;rsquo;m mostly a Linux/Unix guy, and given my role on an internal red team for a mostly Linux company, I don&amp;rsquo;t do a lot of Windows. However, I recently had an engagement where we were targeting Windows, and I wish I&amp;rsquo;d had the RTFM handy then: there are a number of great pointers for Windows that I could&amp;rsquo;ve leveraged to make my engagement go more smoothly. Additionally, the book provides coverage for other platforms, like Cisco IOS, and for various scripting situations in Powershell, Python, or even &lt;a href="http://www.secdev.org/projects/scapy/"&gt;Scapy&lt;/a&gt;.&lt;/p&gt;</description></item></channel></rss>