Profile cover photo
Profile photo
Stephen Breen
39 followers
39 followers
About
Stephen's posts

Post has attachment
The Proud Owner of a New Shiny Blog
Although you probably haven't noticed, things around here have been pretty quiet lately. That's partly because I've been saving up all my cool stuff for a new blog! I just dropped the first two posts at http://foxglovesecurity.com . For those actually readi...

Post has attachment
Bad AS - More on Broken JBoss Configurations
It's been a while since I've posted anything about JBoss. Once in a while I still get an email or IM about someone trying to use the exploit code released here or in the "clusterd" framework against a JBoss instance that should be vulnerable, but seems to f...

Post has attachment
OpenNMS 0-day -> XXE to Shell
OpenNMS is an open source network management application. We see these things occasionally on internal penetration tests and given the nature of network monitoring systems, they can be an attractive target. If you pop the NMS, sometimes you can find credent...

Post has attachment
MSSQL MITM FTW - Ettercap and Responder to Intercept (plaintext!) MSSQL Creds
A fun exercise in confidentiality vs authentication, and why "encrypted" doesn't always mean secure. Imagine the (common) scenario where some sort of service needs to interact with an MSSQL database. The client application opens a "secure" connection with M...

Post has attachment
Raining Shells - Ambari "0-day"
Something that we're starting to see occasionally on penetration tests are Hadoop clusters and all of the associated technologies that go along with them. The old security model for these things used to be "Trust your network" - ie: Lock them in a room, som...

Post has attachment
Cisco ASA SSL VPN Backdoor PoC (CVE-2014-3393)
A coworker and I recently had the opportunity to work with a new vulnerability released at Ruxcon just earlier this month and while we didn't get exactly what we wanted, it was quite interesting. The conference presentation was titled "Breaking Bricks and P...

Post has attachment
Transfer File Over DNS in Windows (with 13 lines of PowerShell)
In a previous post (http://breenmachine.blogspot.ca/2014/03/downloading-files-through-recursive-dns.html) I mentioned that it is possible to download files through recursive DNS queries with Bash or Powershell. This was done through a client/server setup wh...

Post has attachment
BlackHat Talk and Railo Shoutout
Haven't really talked about it much here but recently finished up some research and my BlackHat USA 2014 presentation titled "Mobile Device Mismanagement" - http://www.slideshare.net/breenmachine/mobile-device-mismanagement. Unfortunately we couldn't releas...

Post has attachment
Dumping Data from Memcached Servers
Just a quick update from a recent test. Will probably have some more interesting stuff coming soon but none is ready to go public quite yet. Memcached servers provide a dynamic, distributed memory object caching system to improve application performance. Th...

Post has attachment
Wait while more posts are being loaded