Monday, March 10, 2014

2014-03-10 challenge

This week's challenge is straight forward. "sc" is a Windows command that shows information about Windows services. Pick any service on a windows machine and run "sc sdshow " on it (you can use "sc sdshow lanmanserver" if you want. The output of the command is called a "DACL" in "SDDL". Your challenge is to explain in its entirety what that jumble of letters and semicolons mean, as well as explaining DACLS and SDDLs. Extra Credit: Explain how an attack can use this information.

Monday, March 3, 2014


Is it Monday already? Sorry for being tardy on the emails this weekend I will get to all of them tonight. I was a little busy making RIT students do push ups in order for me to relinquish control of their domain controllers for ISTS ;-)

See the fun we had here:

This week's question is:

Describe XML Entity Injection, how it can be found (what indicators may lead you to assuming it's possible on a given app) and what is possible with it?