
Thursday, October 29, 2015

Time


 

Time is a one-time non-renewable precious resource you are given. It is ok to be greedy, selective, and even snobbish about how, and with whom you spend it.
 
If it helps, think of your time as a vault: money is withdrawn from it at a constant rate by people as you spend it, but you are not allowed to look inside to see how much you have left. It could be a billion dollars, it could be .25 cents. If it were money, who would you spend it on under those conditions? Most likely you would be more cautious about who and what you spent any amount on. (This is not to say you should live as a hermit, but it should push you to actively choose what you want instead of letting life happen and spending your resource.)
 
Also, respect others' choice to spend their time with you. I know we don't always acknowledge it, but we should be a bit more cognizant of it.
 
We actually dismiss it nonchalantly, in English, with simple phrasing changes like "Thank you for spending THE time", when we should probably say "Thank you for spending YOUR time". I have heard it both ways, and much more often the latter, but it struck me as I was writing the close to this blog post that I was about to do what I had just warned against.
 
So, in closing, thank you for spending your precious moments reading my blog.
 
Rob

Wednesday, October 14, 2015

R5 Industries

I recently took the plunge and joined a startup called R5 Industries. I wanted to say thanks for all the well wishes that I received on social media. It has certainly calmed my nerves about the choice ;-).

I've had a number of people ask what R5 Industries does. Our primary selling point is AntigenC2, which is a Command and Control detection product (no agents). But we also do Red Team assessments and have some other fun toys; if you are interested, contact@r5industries.com

More info here: http://r5industries.com/

And that's the end and last sales pitch you'll get from me on the subject.

Why did I make the move?

1. While I loved life as an internal Red Team member (highly recommended; if you need reasons why, make sure you watch Chris Gates' talk at RuxCon: https://ruxcon.org.au/speakers/#Chris Gates ) where I got to help steer the boat of a Fortune 10 company, I had a number of opportunities that I had to turn down because of it, even though my higher-ups went above and beyond to give me as much latitude as possible.

2. I had a bunch of crazy project ideas that I wanted to see come to life over the years. I don't think I would have ever had the time to see them become anything more than mythical ideas without this opportunity.

So, wish me luck, send me work (as I can finally accept it ;-) [through R5 of course]) and look out for some pretty wacky ideas and products that I've been talking about for years.

Thanks again, I wouldn't be here without you.
Rob

Monday, October 05, 2015

DotNet's DNVM for Persistence on Developer Machines

One of the best resources for persistence mechanisms is Hexacorn's blog.

If you haven't checked out his "Beyond good ol' Run key" (linked above) 32-post series, you really should. But today I wanted to talk about one that I didn't see up there:

DNVM (https://github.com/aspnet/dnvm) is the DotNet Version Manager and is part of ASP.NET 5, which I believe has shipped inside Visual Studio since the 2013 version. It is there to specify which runtime to use for applications, much like RVM (Ruby Version Manager) does for Ruby, with the goal that you can install .Net and run .Net applications on Linux and Mac as well using DNVM.

Once installed it adds a "DNX_HOME" environment variable:

Inside the folder specified are 3 directories:


There are plenty of things to play with in here, but I wanted to specifically point out that the BIN directory is put into the $PATH variable (as well as two others):

C:\WINDOWS\system32\config\systemprofile\.dnx\bin (DOES NOT EXIST BY DEFAULT)
C:\Program Files\Microsoft DNX\Dnvm\
C:\Users\mubix\.dnx\bin

Ok, not a big deal, right? Even a user under UAC can edit their own $PATH variable (we'll come back to that in another post).

Let's take a look at what is in those folders:


Interesting. Why don't we see what the dnvm command does:


Seriously... I probably don't even have to continue at this point...

But if I run dnvm from the command prompt (as a developer would), it runs it from inside that protected directory in Program Files, right?... RIGHT?! Nope..

Edit the dnvm.cmd with a bit of PowerShell Empire stager (minus the -W Hidden, because we need the user to actually get the output of the dnvm command) and....

[+] Initial agent UU2YKZ3VDG2AUKFY from 192.168.1.109 now active

Boom!

Let's look a bit into how DNVM works to see if there is something juicier there (way too much for a single blog post):


Awesome! So I can modify things in the runtime directory; let's look in there:


Lots of fun, but we would still have to wait until they run some C# code with that runtime and guess which one they will use (or backdoor all of them). I would rather just make a modification to dnvm.cmd and be done with it. Simple and clean.

Oh, did I mention that this is used to cross-compile binaries? Ya, oh ok, so you can infect the built binaries or web apps for Windows, Linux and OSX...

Oh and one other thing caught my eye while I was looking into the DNVM.ps1 script:


Have fun!

P.S. Unquoted paths FTW: https://github.com/aspnet/dnvm/pull/357
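A defender-side check for the condition this post relies on, added here as an example (it is not code from the post or from the dnvm project): it walks the current user's PATH, flags entries a non-elevated user can write to, such as the per-user .dnx\bin directory, and hashes the scripts and executables in each so a file like dnvm.cmd can be compared against a known-good baseline. It assumes Windows PowerShell 5.1 or later and no third-party modules.

```powershell
# Added example, not code from the original post or the dnvm project: audit the
# current user's PATH for directories this user can write to (what lets a file
# such as dnvm.cmd be replaced) and hash the scripts/executables found there so
# they can be compared with a known-good baseline. Assumes Windows PowerShell 5.1+,
# run non-elevated as the developer being checked. Deny ACEs are not evaluated.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# SIDs that apply to this user; BUILTIN\Administrators is dropped because a
# non-elevated UAC token carries it as deny-only, which would over-report.
$mySids    = @($identity.User) + @($identity.Groups | Where-Object { $_.Value -ne 'S-1-5-32-544' })
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Test-UserWritable {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) }
        catch { continue }                                  # unresolvable account: skip it
        if ($mySids -notcontains $sid) { continue }         # ACE applies to someone else
        if ([int]($ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

function Get-ExistingAncestor {                             # walk up until a directory exists
    param([string]$Path)
    $p = $Path
    while ($p -and -not (Test-Path -LiteralPath $p -PathType Container)) { $p = Split-Path -Path $p -Parent }
    return $p
}

$entries = $env:PATH -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ } |
           ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }
$report = foreach ($dir in $entries) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A missing entry (like the systemprofile\.dnx\bin one) only matters if this user could create it.
        $parent = Get-ExistingAncestor -Path $dir
        $status = if ($parent -and (Test-UserWritable -Path $parent)) { 'MISSING, parent writable' } else { 'missing' }
        [pscustomobject]@{ Path = $dir; Status = $status; Scripts = '' }
        continue
    }
    $status  = if (Test-UserWritable -Path $dir) { 'USER-WRITABLE' } else { 'ok' }
    $scripts = Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
               Where-Object { $_.Extension -in '.cmd', '.bat', '.ps1', '.exe' } |
               ForEach-Object { '{0} {1}' -f $_.Name, (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash }
    [pscustomobject]@{ Path = $dir; Status = $status; Scripts = ($scripts -join "`n") }
}
$report | Sort-Object Status -Descending | Format-Table -AutoSize -Wrap
```

Any entry reported as USER-WRITABLE is one where a file on the developer's command path can be swapped without elevation; keep the hash column from a clean machine and diff it after suspicious activity.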

Thursday, October 01, 2015

Hiding desktop icons for presentations on OSX

If you found this post via a search, you are probably like me: "not great" at keeping your desktop clear of "stuff" (you probably have a 'stuff' folder you once put stuff in and forgot about).

If you are, and you go into a presentation, you probably don't want to have all of your icons visible (and possibly recorded). Hiding your desktop icons on Windows (since 7, I believe) is pretty simple.



On OSX, it's not as straightforward. Following a tip I found here: http://hints.macworld.com/article.php?story=20100804092806364 I was able to create a keyboard shortcut to hide or unhide everything.

First, open up "Automator" and create a new document / "Service"


Then drag and drop "Run AppleScript" from the Utilities section:


Next, make sure it says that the service doesn't accept input from any application:

Paste in the following script:

on run {input, parameters}
    -- read Finder's current CreateDesktop setting (the key must already exist, see below)
    set myAnswer to (do shell script "defaults read com.apple.finder CreateDesktop") as boolean
    -- write back the opposite value to toggle the desktop icons
    do shell script "defaults write com.apple.finder CreateDesktop " & ((not myAnswer) as string)
    -- restart Finder so the change takes effect
    do shell script "killall Finder"
end run

On the first run, you may get an error stating that the variable doesn't exist or that it couldn't be converted into a boolean. This is because by default this variable doesn't exist for new users. All you have to do to correct this is open a terminal and type:

defaults write com.apple.finder CreateDesktop true

This sets it for the first time. Back in Automator, re-do the test run of the script:

Save the file and then you can set up a keyboard shortcut in System Preferences:

Hit Control+Cmd+H to your heart's content.

