COM and the PowerThIEf

/
Recently, Component Object Model (COM) has come back in a big…

CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities

/
We have recently disclosed a list of vulnerabilities to Sophos…

CVE-2018-10956: Unauthenticated Privileged Directory Traversal in IPConfigure Orchid Core VMS

/
Affected Software: IPConfigure Orchid Core VMS (All versions…

Introducing Prowl

/
Prowl was initially designed as an in house tool to aid engagements…

Apache mod_python for red teams

/
Nettitude’s red team engagements are typically designed to…

WinDbg: using pykd to dump private symbols

/
We’ve recently been conducting some reverse engineering and…

CVE-2017-7351: REDCap 7.0.0 - 7.0.10 SQL Injection

/
A SQL injection vulnerability exists in REDCap versions 7.0.0…

Making PoshC2 More Accessible With a $5 VPS

/
Users may find it difficult to host a PoshC2 server as it requires…