FortyNorth Security Blog (Page 2)

16 November 2020 Quick Guide to Security Headers - Part Two

In our last post, we explored 3 of the most important security headers: Content-Security-Policy, Strict-Transport-Security and X-Frame-Options. In this post, we’ll review four additional security

02 November 2020 MalDoc Fu - Some Ideas for Malicious Document Delivery

Introduction "Hey, can you review this document? You might have to enable macros due to formatting lol" Attachment: ImportantDocument.docm We've all seen phishing

26 October 2020 Hot Manchego

tl;dr: Create a macro-enabled Excel workbook using the .NET library EPPlus to bypass some A/V detection. We created Hot Manchego to help pen testers

13 July 2020 Incoming .NET SQLClient

The github repo for SQLClient is available here - https://github.com/FortyNorthSecurity/SqlClient On an assume breach assessment, FortyNorth was able to successfully obtain a

29 June 2020 Intro to Proxmark3 RDV4: Part 3 - Practical Applications using ProxmarkWrapper

In this post, we'll go over creating a more covert application for the Proxmark3 using the BlueTooth module we installed previously along with some ideas for

09 June 2020 Creating an Internal Pen Test VM with Ngrok

Hello everyone. With the severity of the Covid-19 virus and people trying to work from home as much as possible we wanted to document how to

26 May 2020 XLM (Excel 4.0) Macro Generator for Phishing Campaigns

tl;dr EXCELntDonut takes C# source code as an input, converts it into shellcode, and generates an XLM (Excel 4.0) macro that will inject the

12 May 2020 Screenshooter: The Beacon Screenshot Savior

A C# tool to screenshot user's desktop(s) complete with multiple checks. Will work with Cobalt Strike's Execute-Assembly. Best name we could think of since SharpShooter

04 May 2020 Quick Guide to Security Headers - Part One

A month ago, we finished a series of six web application assessments for local and regional banks. In addition to common web vulnerabilities, like SQLi, we

27 April 2020 Remotely Host MSBuild Payloads

tl;dr Separate your C# payload from a MSBuild XML file and host it remotely on a WebDav server. Red teams and attackers frequently repurpose MSBuild,

20 April 2020 EyeWitness - Potential Modifications

This is the second post in relation to the new .Net implementation of EyeWitness and it will cover a few things that you should possibly do

14 April 2020 Ngrok for Local Infrastructure

IntroductionHello, meet ngrok (https://ngrok.com/), an easy way to tunnel traffic from a local machine (i.e. VM) to an external address. With ngrok, you

06 April 2020 MiddleOut: a C# Compression Tool

MiddleOut (a salute to Silicon Valley) is a tool written in C# that compresses any number of files passed to it. I wanted to learn .Net

01 April 2020 EyeWitness - Looking Sharp

Ever since its initial release, EyeWitness has only had a Linux version (originally in Python 2, and now in Python 3). This has proven very useful

23 March 2020 Introducing C2concealer: a C2 Malleable Profile Generator for Cobalt Strike

C2concealer is a python3 command-line tool that generates c2 malleable profiles for use with Cobalt Strike. Looking to get up and running quick? Code is available

12 March 2020 Azure Functions - Functional Redirection

A few months ago, we decided to look into additional options that exist for command and control (C2), specifically what we can use for "redirectors". We

24 February 2020 Another MSBuild Invocation (February 2020 Edition)

TL;DR: Use MSBuild’s UnregisterAssembly task to execute arbitrary code in a .NET assembly. A few weeks ago, Casey Smith (@SubTee) tweeted this out: Followed

10 February 2020 Intro To The Proxmark3 RDV4: Part 2 - First Run on Kali

In this post we'll go through connecting the proxmark (and fixing any issues) on a fresh Kali 2019.4 install, and updating all aspects of the

27 January 2020 Intro To The Proxmark3 RDV4: Part 1 - BT/Battery Module Installation

In this post, we'll go over installing the bluetooth/battery module on a brand new Proxmark3 RDV4. The optional module is a great addition to the

13 January 2020 The Security of DevSecOps - Jenkins

Jenkins is an open source application which is nearly always targeted by attackers, but is also incredibly useful when used legitimately. It can help automate test

31 December 2019 Cobalt Strike 4.0 - HTTP Variants

We can all celebrate that the 4.0 release of Cobalt Strike has happened before the holidays, and with it comes some really useful changes! One

16 December 2019 The Security Of DevSecOps - Terraform Authentication

In the first blog post of our DevSecOps series, we talked about looking at security considerations for the Terraform code and the data within it. For

04 December 2019 The Security of DevSecOps - Terraform Code

This past October, I had the opportunity to speak with Robin Wood (@digininja) about “The Security of DevSecOps” at Wild West Hackin Fest in Deadwood, South

09 October 2019 Python3 EyeWitness

EyeWitness is a tool that has been around for many years and has seen many updates (huge shout out to Rohan (@cptjesus) for all of his

03 September 2019 PowerShell, Azure, and Password Hashes in 4 steps

In our previous blog post, we talked about how you can obtain the password hashes from a Domain Controller within Azure without ever needing to interact

FortyNorth acquired by Red Siege!

We are happy to announce that FortyNorth Security has been acquired by Red Siege! Riskatto remains a separate product owned and operated by the creators of the product. Details on the announcment can be found here. Check out 👇 Red Siege Riskatto

FortyNorth Security Blog

We are happy to announce that FortyNorth Security has been acquired by Red Siege! Riskatto remains a separate product owned and operated by the creators of the product. Details on the announcment can be found here.

Check out 👇

Red Siege

Riskatto