Welcome to Nettitude Labs
You are here: Home
EMEA
1 Jephson Court
Trancred Close
Leamington Spa
Warwickshire
CV31 3RZ
Trancred Close
Leamington Spa
Warwickshire
CV31 3RZ
Americas
50 Broad Street
Suite 403
New York
NY
10004
Suite 403
New York
NY
10004
CVE-2020-14418: madCodeHook Library Local Privilege Escalation
/0 Comments/in Advisories, Blog /by Kyriakos EconomouNettitude discovered a vulnerability in the ‘madCodeHook’ third party library which caused a number of security products, including Cisco AMP and Morphisec Unified Threat Prevention Platform, to contain a local privilege escalation vulnerability. Since the vulnerability originated in a third party library, it is likely to affect other software using that library. The madCodeHook author […]
CVE-2020-27708: Electronic Arts (EA) Origin – Local Privilege Escalation
/0 Comments/in Advisories, Blog /by Tom WilsonWe recently assessed the security posture of Electronic Arts Origin Client and discovered a privilege escalation issue that would allow a low privilege attacker to elevate privileges to NT AUTHORTY\SYSTEM. This has been recorded as CVE-2020-27708. Origin is a digital distribution platform, by Electronic Arts, who own the brand EA Games. They acquired the trademark […]
Introducing PoshC2 v7.0
/0 Comments/in Blog, PoshC2 /by Ben Turner and Doug McLeod and Rob BoneThere have been some big improvements and new features added to PoshC2 and we’re excited to announce the release of PoshC2 v7.0. More and more people have started contributing to the project and every one of those contributions is appreciated! Download & Documentation You can download PoshC2 v7.0 here: https://github.com/nettitude/PoshC2 The PoshC2 documentation has been […]
Detecting PoshC2 – Indicators of Compromise
/0 Comments/in Blog, PoshC2 /by Rob BoneAs a counterpart to the release of PoshC2 version 6.0 we are providing a list of some of its Indicators of Compromise (IoCs), particularly as used out-of-the-box, as well as some other effective methods for detecting it in your environment. We also introduce the new PoshC2 Detections GitHub repository at https://github.com/nettitude/PoshC2_IOCs that will be continually updated […]
CVE-2019-16384, 85: Cyblesoft Thinfinity VirtualUI – Path Traversal, HTTP Header Injection
/0 Comments/in Advisories, Blog /by Tom JacksonNettitude discovered two vulnerabilities within Cyblesoft’s Thinfinity VirtualUI web application. The findings include path traversal and HTTP header injection, which could be leveraged to execute an XSS payload. Thinfinity VirtualUI enables Windows-based desktop applications to function as cross-browser, cross-device web applications, which can be run on a Windows environment or be accessed remotely from a […]
Introducing PoshC2 v6.0
/0 Comments/in Blog, PoshC2 /by Rob Bone and Ben TurnerWe are pleased to release the latest version of PoshC2 – v6.0. Version 6.0 includes a number of significant and exciting features, in addition to the usual plethora of bug fixes and small improvements. In this blog post, we take a look at some of the more significant changes and feature rich enhancements to make […]