Tips, Tricks and Tools for Cyber Security Enthusiasts

CVE-2022-23270 – Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 2)

Following yesterday's Microsoft VPN vulnerability, today we're presenting CVE-2022-23270, which is another windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering and fuzzing the raspptp.sys kernel driver. This presents attackers with [...]

By Alex Nichols|May 11, 2022|

CVE-2022-21972: Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 1)

CVE-2022-21972 is a Windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering the raspptp.sys kernel driver. The vulnerability is a race condition issue and can be reliably triggered through sending crafted [...]

By Alex Nichols|May 10, 2022|

Introducing SharpWSUS

Today, we're releasing a new tool called SharpWSUS. This is a continuation of existing WSUS attack tooling such as WSUSPendu and Thunder_Woosus. It brings their complete functionality to .NET, in a way that can be [...]

By Phil Keeble|May 5, 2022|

Introducing MalSCCM

During red team operations the goal is often to compromise a system of high value. These systems will ideally be segmented from the wider network and locked down to prevent compromise. However, the organisation still [...]

By Phil Keeble|May 4, 2022|

Repurposing Real TTPs for use on Red Team Engagements

I recently read an interesting article by Elastic. It provides new analysis of a sophisticated, targeted campaign against several organizations. This has been labelled 'Bleeding Bear'. The articles analysis of Bleeding Bear tactics, techniques and [...]

By Brendan Ortiz|April 7, 2022|