Monday, March 10, 2014
2014-03-10 challenge
This week's challenge is straight forward. "sc" is a Windows command that shows information about Windows services. Pick any service on a windows machine and run "sc sdshow " on it (you can use "sc sdshow lanmanserver" if you want. The output of the command is called a "DACL" in "SDDL". Your challenge is to explain in its entirety what that jumble of letters and semicolons mean, as well as explaining DACLS and SDDLs.
Extra Credit: Explain how an attack can use this information.
Monday, March 3, 2014
2014-03-03
Is it Monday already? Sorry for being tardy on the emails this weekend I will get to all of them tonight. I was a little busy making RIT students do push ups in order for me to relinquish control of their domain controllers for ISTS ;-)
See the fun we had here: http://www.reddit.com/r/ISTSRedTeam/
This week's question is:
See the fun we had here: http://www.reddit.com/r/ISTSRedTeam/
This week's question is:
Describe XML Entity Injection, how it can be found (what indicators may lead you to assuming it's possible on a given app) and what is possible with it?
Subscribe to:
Posts (Atom)