A poem from snippets of two postings on cybersecurity. Trying to carve words out of jargon. Details on the creative process at the bottom of the post. I have been quite confident I have been inspired In this simple way to find both options take note of an extra stealth factor I hardly ever … Continue reading Secure Poetry: “I have been quite confident”
How can you read files encrypted with Windows's Encrypting File System if you neither have access to the owner's encryption certificate and key and nor that of a legit data recovery agent (DRA) ... but if you are a local administrator? This work is still inspired by the hackthebox machine Helpline. You were able to … Continue reading Injecting an EFS Recovery Agent – and Let the Virus Scanner Help You!
You can parse the binary blobs that represent certificates stored in the Windows registry with certutil correctly, even when the Windows Explorer / GUI tells you that this is not a certificate. certutil seems to be able to handle / ignore meta data better. Once upon a time I played with the machine Ethereal provided by … Continue reading Parse Certificates Stored in the Windows Registry
New Year's Eve 2019 seems infinitely far in the past. It was the first day news about this mysterious disease had been published in my country. Yet it seems infinitely far away at that time, somewhere in China. Today we see something glowing at the end of a weird long corridor. Despite horrible news, I … Continue reading Infinity
Once I started to create spam poetry and search term poetry, and I believed it was original. Then I discovered that great poets of the virtual scrapyard had come before me. Finally, I found serious articles about so-called Found Poetry and I found poets publishing their spam poetry in earnest. I learned about the Sokal … Continue reading Technology and Technics. Flolloping Floopily.
Gödel's proof is the (meta-)mathematical counterpart of the paradoxical statement This sentence is false. In his epic 1979 debut book Gödel, Escher, Bach Douglas Hofstadter intertwines computer science, math, art, biology with a simplified version of the proof. In 2007 he revisits these ideas in I Am a Strange Loop. Hofstadter writes: ... at age … Continue reading Gödel’s Proof
You want this: Encrypt a message to somebody else - using information that is publicly available. Somebody else should then be able to decrypt the message, using only information they have; nobody else should be able to read this information. The public key cryptography algorithm RSA does achieve this. This article is my way of … Continue reading The RSA Algorithm
This is about a serious misconfiguration of a Windows Public Key Infrastructure integrated with Active Directory: If you can edit certificate templates, you can impersonate the Active Directory Forests's Enterprise Administrator by logging on with a client certificate. You have a persistent credential that will also survive the reset of this admin's password. In the … Continue reading Impersonating a Windows Enterprise Admin with a Certificate: Kerberos PKINIT from Linux
Last year, hackthebox let me test something I have always found fascinating - and scary: You can impersonate any user in a Windows Active Directory Forest if you have control over the certificate templates of an AD-integrated Windows Public Key Infrastructure: Add extended key usages for smartcard logon to the template, enroll for the certificate, … Continue reading Locating Domain Controllers and Spoofing Active Directory DNS Servers
Another great machine has been retired on hackthebox.eu - Helpline by @egre55! Here is my 'silly' unintended way to root the box: You can get both the encrypted user and root flag via the cumbersome web RCE alone - if you wait for a legit user to just look at the file. This is unlikely … Continue reading Helpline @ hackthebox: Injecting an EFS Recovery Agent to Read Encrypted Files