Hack The Box: (Response Machine) – Extract the AES key for Root

This post is an extension of the full writeup on the Response machine that can be found here which we will abuse the AES key Extract the AES file by using the bulk_extractor tool on the Response machine Firstly, we are required to download and install the bulk_extractor on our attacker’s machine Let’s install the […]

The post Hack The Box: (Response Machine) – Extract the AES key for Root appeared first on Threatninja.net.

February 9, 2023
Read More >>

SolarWinds and Market Incentives

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response.

The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to focus on one important one we’ve learned: the software that’s managing our critical networks isn’t secure, and that’s because the market doesn’t reward that security.

SolarWinds is a perfect example. The company was the initial infection vector for much of the operation. Its trusted position inside so many critical networks made it a perfect target for a supply-chain attack, and its shoddy security practices made it an easy target…

February 8, 2023
Read More >>