Tuesday 4 April 2017

3 Books I highly recommend for anxiety, imposter syndrome & my own flaw

Brené Brown

I first heard of Brené Brown's work when I saw a YouTube video on empathy. Someone had created a cartoon with Brené's voice-over from a talk of hers. I think the cartoon adds a lot of power to the message. She discussed the difference between sympathy and empathy; in a nutshell, empathy is being able to feel what the other person is feeling without judgement. It can be found here: https://www.youtube.com/watch?v=1Evwgu369Jw


It was a good video and resonated with me really well. The imagery of the goat (I think) eating a sandwich and responding to someone's marriage falling apart with 'at least you had a marriage' is quite strong.

So many people, when responding to your struggle or how you are feeling, will respond with a silver lining, unable to accept that you are not 'happy'. This reminds me of my mother: when I had exams, or an important interview, I was stressed and needed someone to listen, and she would respond with 'you'll be fine', or 'you always pass the exam'... This comes across as though she thinks me passing an exam or interview is easy or a given. This is certainly not the case; passing an exam takes hours and hours of study, frustration and perseverance, and a simple 'you'll be fine' diminishes every effort I go through in passing an exam.

Anyhow, that is an example in my life of getting sympathy and not empathy.

Brené Brown is a shame researcher, using research to understand shame and how best to deal with it. In short, she is like a doctor for your conscience.

3 books

So obviously, with an introduction on Brené Brown, the 3 books I am going to recommend are by her.

#1) The Gifts of Imperfection

Someone first suggested this book when I was not accepting my anxiety, not aware of it and not understanding why I could not control my emotions. This book helped so much.

This one, as Brené summarises, is about being you, living genuinely as yourself and accepting who you are.

Sidenote: I still struggle with anxiety and hate myself for it. - Something I am working on

#2) Daring Greatly

Honestly, I have not read this one yet. But it is about having the confidence to be the real you. So I am looking forward to reading it.

#3) Rising Strong

This one is about when you fall, or fail and the long hard climb back to where you work.

I am reading / listening to this book now.

This one is much more relevant to my current situation. Especially with anxiety and that 'fake' story we jump to. Or I jump to when something bad is happening, or when my emotions explode.

I am unsure if it is an evolutionary trait, or bias, as a way to survive, but when something happens (bad, a fight, bad meeting etc.) I think the worst. I have an issue with self-worth. This can happen when you open yourself up to someone, colleagues etc. and they brush it off, or when you share something you are excited about and friends brush it off, or when a thing at work that you are all pumped for does not go well; things like that cause shame. I instinctively go to 'I am not enough'... It is my current worst flaw in my personal life. A nice video here sort of explains it: https://www.youtube.com/watch?v=5RsPjFnNdw4

This book is helping me to understand it, or at least become aware of it. I have not read it all, so I am unsure what exactly to do. I do know that the easy path of shutting down, hiding and giving everything away is not the answer. This is not something new, it's always been there, one of those 'curses' we bear, right?



I will continue to work on this, and blog my experiences.

Cheers
Haydn

Monday 3 April 2017

My quick Post on UAC.

So I have been reading a bit more on some foundational knowledge. I know about UAC, using getsystem in Meterpreter for UAC bypasses and all the super cool UAC bypasses implemented in PowerShell.

Below you will find my brain-dump on how UAC works and the bypasses (or 1).

Different Levels - for security right

So processes run at different integrity levels for security reasons. Thus if a process gets popped, it shouldn't necessarily mean straight to Local Admin. It is the same premise as popping Apache: you become www-data with minimal rights.

So what are these levels?

System - I believe I was told this is not a 'level' but transcends the levels.
High Integrity - basically admin rights
Medium Integrity - Standard user
Low - Restricted

This is relevant when you get a shell as a user who is local admin, because you type hashdump in Meterpreter and cannot dump the hash. It is annoying as an attacker, but Windows is basically like 'lol you can't execute admin actions as a medium integrity'. You have to explicitly state that you want to execute an administrative task (hence that annoying UAC PLEASE SELECT ACCEPT pop-up).

This annoying pop-up was designed initially in Vista... EVERY process that needed admin rights caused a UAC pop-up. It was annoying to everyone, I am sure you remember Vista.

So in the later versions of Windows, the Microsoft peeps decided that some applications could automatically elevate themselves, thus gaining admin rights without annoying the user... This sounded great until it was realised that the way this happens could be manipulated to execute a DLL of an attacker's choice. Thus the UAC bypass.

This is my summary, but obviously I have to give credit to this post:
https://blog.cobaltstrike.com/2014/03/20/user-account-control-what-penetration-testers-should-know/

In Short:
Using DLL hijacking to force a DLL chosen by the attacker to be loaded can allow one to bypass UAC. It is called Leo's Bypass Attack and uses sysprep.exe. When sysprep.exe ran, it would look for a DLL called CRYPTBASE.dll. If you supplied one in a location that was searched before the location of the REAL DLL, it would load that first DLL, thus allowing High integrity. Pretty cool huh, it's an awesome trick.
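A defender-side check for the condition described above, as an added example that is not from this post or the linked Cobalt Strike article: it lists DLLs sitting next to an executable whose names also exist in the system directory, assuming the standard Windows search order in which the executable's own directory is searched before System32. The function names and the directory tree are constructed for illustration; the sample files are placeholders, not real Windows binaries.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Report DLLs in app_dir whose name also exists in system_dir.

    Windows file names are case-insensitive, so names are compared lowercased.
    A copy next to the executable would be found before the system copy.
    """
    system = {p.name.lower(): p for p in system_dir.iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for dll in sorted(app_dir.iterdir()):
        if not dll.is_file() or dll.suffix.lower() != ".dll":
            continue
        real = system.get(dll.name.lower())
        if real is not None:
            findings.append({
                "shadow": dll.name,
                "system_copy": real.name,
                # Differing content is the more suspicious case.
                "same_content": sha256(dll) == sha256(real),
            })
    return findings


def build_sample_tree(root):
    """Constructed stand-in for System32 and its sysprep subdirectory."""
    system_dir = root / "System32"
    app_dir = system_dir / "sysprep"
    app_dir.mkdir(parents=True)
    (system_dir / "cryptbase.dll").write_bytes(b"genuine system copy")
    (system_dir / "kernel32.dll").write_bytes(b"another system library")
    (app_dir / "sysprep.exe").write_bytes(b"auto-elevating executable")
    (app_dir / "CRYPTBASE.dll").write_bytes(b"unexpected copy")
    (app_dir / "unrelated.dll").write_bytes(b"application's own library")
    return app_dir, system_dir


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        app_dir, system_dir = build_sample_tree(Path(tmp))
        return find_shadowing_dlls(app_dir, system_dir)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
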

The cool part is in lateral movement!

So that is awesome on that system. The cooler part I think is when you want to move laterally. If you can connect to another system, that high integrity token goes with it to the next system.

So in essence, what I named the bounceback UAC bypass (haha) is the idea of using this to get high integrity on your current system without DLL hijacking on that system (again, mentioned in the blog post above). You may have a normal user (not local admin) on a system and cannot find ways to priv esc or bypass UAC, but on another system you do have local admin. So in a nutshell, you connect over to that system as that user, gain the high integrity token and then connect BACK to the original system, gaining local admin on the original system.

I thought that was pretty cool.

Just a nice brain dump of what I 'remembered' from reading the post.

Cheers
Haydn