Josh Stone — Infosec, Pen-testing, Research

Relevant links:

SQShell Available

I am putting my database hacking tool SQShell up here for download. I have kept this to myself and friends for awhile because of restrictions on distributing the proprietary JDBC drivers. Well, I'm now providing a download for the tool without those drivers and instructions for adding them yourself. SQShell gives you a consistent command line interface to the various DBMSs with a few handy commands for common tasks like downloading tables, listing schemas, etc.

Derbycon '15 Presentation Out

My Derbycon presentation on bypassing multifactor authentication (MFA) is now available on Youtube. I had lots of fun putting this together. In the talk, I present a bypass method that we use for getting around RSA SecurID and Duo Security's MFA. I definitely have more in this area, so perhaps I'll be putting together some more scenarios for talks in the future!

PipeCat SMB Named Pipe Tool

At NolaCon '15, I demonstrated how I use SMB named pipes to tunnel TCP connections. PipeCat also provides a PSEXEC and WINEXE-style command execution mechanism without using services. You can download the presentation copy of pipecat here. Bear in mind that it's very... 'pragmatic' code... and it does depend on .NET framework 3.5+. I will get the source into github soon, though, to make it more accessible.

Metasploit Delay Loader

At NolaCon '15, I demonstrated how I use a modified metasploit-loader as a foundation for odd A/V and HIPS evasion during pen-tests. You can download the presentation copy of delay loader here.

Duo MFA Race Condition & Bypass

Duo Security has released a fix for a session stealing attack we discovered some time ago. I have also blogged about it. I included this in my presentation at NolaCon '15. I'll probably get my video of the PoC up soon.

Snarf SMB Man-in-the-Middle Tool

My buddy Victor and I have created what we think is the strongest SMB relay attack tool available. We have presented it at NolaCon '14 and DerbyCon '14. You can find it at the github repo.

NTFSx tool for raw access to NTFS files

I have used NTFSx to effect several times, from extracting NTDS.DIT when the new domains came out to extracting files without tripping file monitoring tools.