Implanting Pluggable Authentication Modules (PAM)

I recently discovered a bug in a popular Linux system management tool that allows an attacker to install a malicious Pluggable Authentication Module (PAM) on a target system. While I knew it was exploitable, I didn’t want to write single-use code to take advantage of it. Instead, I decided to write a msfvenom-compliant template that can be used to create malicious PAM modules to execute arbitrary payloads.
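The post above concerns an attacker dropping a module into the PAM stack. A defender's first check is the configuration side: which modules do the files under /etc/pam.d actually reference, and do any point outside the distribution's module directory or fall outside a known-good baseline? The following audit is an added example written for this page, not code from the original post; the sample /etc/pam.d/sshd contents, the baseline set and the list of standard module directories are constructed assumptions (the real directory varies by distribution, e.g. /lib/x86_64-linux-gnu/security on Debian-derived systems).

```python
import os
import re

# Constructed sample of an /etc/pam.d/sshd file (assumption; not taken from the original post).
# The /tmp/... entry and pam_sshlog.so are the planted lines the audit should surface.
SAMPLE_PAM_CONFIG = """\
# PAM configuration for the sshd service (constructed example)
auth       required     pam_env.so
auth       [success=1 default=ignore] pam_unix.so nullok
auth       requisite    pam_deny.so
auth       optional     /tmp/.cache/pam_helper.so
@include   common-account
-session   optional     pam_systemd.so
session    required     pam_limits.so
session    optional     pam_sshlog.so
"""

# Known-good baseline for this service (assumption: taken from the package's shipped config).
KNOWN_GOOD_MODULES = {"pam_env.so", "pam_unix.so", "pam_deny.so", "pam_systemd.so", "pam_limits.so"}

# Directories PAM normally loads modules from when the path is not absolute (assumption;
# distribution-specific, extend for your platform).
DEFAULT_MODULE_DIRS = (
    "/lib/security",
    "/lib64/security",
    "/usr/lib/security",
    "/usr/lib64/security",
    "/lib/x86_64-linux-gnu/security",
    "/usr/lib/x86_64-linux-gnu/security",
)

# type  control  module-path [arguments]; control may be a bracketed list containing spaces.
_PAM_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_pam_line(line):
    """Return (type, control, module_path, args) for a module line, or None for
    comments, blank lines and @include directives."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("@include"):
        return None
    m = _PAM_LINE.match(line)
    if not m:
        return None
    mtype, control, module, args = m.groups()
    return mtype.lstrip("-"), control, module, args or ""


def audit_pam_config(text, known_good=KNOWN_GOOD_MODULES, module_dirs=DEFAULT_MODULE_DIRS):
    """Map each suspicious module reference to the list of reasons it was flagged."""
    findings = {}
    for raw in text.splitlines():
        parsed = parse_pam_line(raw)
        if parsed is None:
            continue
        _, _, module, _ = parsed
        reasons = []
        # An absolute path is loaded as-is; anything outside the module directories is a red flag.
        if os.path.isabs(module) and os.path.dirname(module) not in module_dirs:
            reasons.append("absolute path outside standard PAM module directories")
        if os.path.basename(module) not in known_good:
            reasons.append("not in known-good baseline")
        if reasons:
            findings[module] = reasons
    return findings


if __name__ == "__main__":
    for module, reasons in audit_pam_config(SAMPLE_PAM_CONFIG).items():
        print(f"{module}: {'; '.join(reasons)}")
```

Flagging a reference is only the first step: the module file itself should then be checked against package-manager metadata (for example `dpkg --verify` or `rpm -V` on the owning package) and the directory searched for modules no configuration references, since the attacker controls both the file and the config line.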

Windows Security Center (WSC) DoS

This post examines a memory-exhaustion denial-of-service vulnerability in the Microsoft Windows Security Center. The attack leads to noticeable degradation of several user-facing security features, including status reporting for antimalware and firewall products and the ability to start an on-demand scan.

Called Me Maybe - EDR Evasion

Endpoint Detection and Response (EDR) solutions have started to collect and analyze the chain of function calls leading up to the execution of certain Windows API functions, also known as the call stack. This post looks into the data available to EDRs and examines one technique used by malware to avoid it.
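To make the "data available to EDRs" concrete: a captured call stack is a list of return addresses, and one check such telemetry enables is whether every return address falls inside a loaded image. The following is an added example written for this page, not code from the original post; the module ranges and the two captured stacks are constructed values, and the rule that a frame with no backing module is worth flagging is stated here as a common heuristic, not as what any particular product or the post's own technique does.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class LoadedModule:
    """One entry from the process's loaded-module list (constructed values)."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed module list for a hypothetical 64-bit process (assumption; not real load addresses).
LOADED_MODULES = [
    LoadedModule("ntdll.dll",      0x7FFB1A000000, 0x1F0000),
    LoadedModule("kernelbase.dll", 0x7FFB17C00000, 0x2F0000),
    LoadedModule("kernel32.dll",   0x7FFB18000000, 0x0C0000),
    LoadedModule("app.exe",        0x7FF6C0000000, 0x040000),
]

# Constructed stacks captured at NtAllocateVirtualMemory, innermost frame first.
# The benign stack walks cleanly from ntdll back to the application image.
BENIGN_STACK = [0x7FFB1A0A1234, 0x7FFB17C51000, 0x7FFB18017000, 0x7FF6C0012345]
# The suspicious stack has a return address in heap memory that no loaded image covers.
SUSPICIOUS_STACK = [0x7FFB1A0A1234, 0x7FFB17C51000, 0x000001D2F3A01234, 0x7FF6C0012345]


def resolve_module(addr: int, modules=LOADED_MODULES) -> Optional[str]:
    """Return the name of the image backing addr, or None if no image covers it."""
    for mod in modules:
        if mod.contains(addr):
            return mod.name
    return None


def symbolize_stack(frames: List[int], modules=LOADED_MODULES) -> List[str]:
    """Render each frame as module+offset, or <unbacked> when nothing covers it."""
    out = []
    for addr in frames:
        name = resolve_module(addr, modules)
        if name is None:
            out.append(f"<unbacked>!{addr:#x}")
        else:
            base = next(m.base for m in modules if m.name == name)
            out.append(f"{name}+{addr - base:#x}")
    return out


def unbacked_frames(frames: List[int], modules=LOADED_MODULES) -> List[int]:
    """Return addresses on the stack that are not backed by any loaded image."""
    return [addr for addr in frames if resolve_module(addr, modules) is None]


if __name__ == "__main__":
    for label, stack in (("benign", BENIGN_STACK), ("suspicious", SUSPICIOUS_STACK)):
        print(label, symbolize_stack(stack), "unbacked:", [hex(a) for a in unbacked_frames(stack)])
```

The value of the check depends on the stack being walked correctly in the first place: a vendor that only records the immediate caller, or that stops at the first frame it cannot unwind, sees far less than this example assumes.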

GPT Search Engine Optimization (SEO)

A couple of months ago, I was chatting with some folks over on the VetSec Slack. One person was using ChatGPT with Web Browsing as a search engine, which made me wonder how easy it would be to optimize web content to be the top result when searched. I tested this for a very specific search, “Who is micrictor”, and found that I could ‘inject’ my desired result more easily against the ChatGPT w/ Web Browsing model than Bard. I’m not sure that this is due to any difference in the models themselves; the difference could potentially be explained by differences in the backing web search engines used by each model.

Adventures in DeepRacer

Recently, I decided I want to race cars. Luckily for me, AWS DeepRacer will let me race cars with none of the usual risk to my wallet or personal health by using reinforcement learning to train my “driver” - a machine learning model.

KringleCon 2020

2020 has been a wild year for me, as it has for everyone. I was overseas for the Marines when all of the Coronavirus stuff first started happening in the United States, came back, and had 3 months to do everything I needed to do to leave the military. After starting my new job at AWS, I decided I’d also pursue a Master’s degree at the University of San Diego, because I apparently hate my own free time.

Identifying malicious TLS sessions

Inspired by an email from a former instructor, I created a Zeek package, spl-spt, with the goal of providing new data that can be used to identify malicious TLS sessions. In this post, I will be discussing what the new data is, why I chose the data features I did, visualizing the data, and building a classification model using the data.

Enjoy the read!

PentestAcademy ctf.live

Thanks to my early return from an overseas exercise, I’m stuck at home for two weeks. As such, I figured I might as well take a swing at the free CTF put on by PentesterAcademy, ctf.live.