Welcome to Nettitude Labs

How to Exfiltrate AWS EC2 Data

/

Wednesday 9 October 2019

As Cloud infrastructure has become common, it has also become…

Maritime Malware Campaigns - Document Payloads

/

Thursday 19 September 2019

As part of our research into threats facing the marine and offshore…

DerbyCon 2019 CTF Write Up

/

Wednesday 18 September 2019

We recently returned from the always excellent DerbyCon 2019…

$C:\Users\coakley\Desktop\download (3).png$

Cross Site Scripting (XSS) Payload Generator

/

Monday 29 July 2019

This post will help you to evade some of those tricky cross site…

CVE-2018-20319: Why you should always have two factor authentication on your VPN

/

Wednesday 19 June 2019

The OpenConnect VPN client, on all supported platforms, suffered…

CVE-2019-7315: Genie Access WIP3BVAF IP Camera Directory Traversal

/

Thursday 30 May 2019

We have discovered a directory traversal vulnerability that affects…

Operational Security with PoshC2 Framework

/

Thursday 23 May 2019

This post describes a new capability that has been deployed within…

CVE-2017-18019: Privilege Escalation via a Kernel Pointer Dereference

/

Wednesday 17 April 2019

A little while ago, I discovered a vulnerability, CVE-2017-18019,…

Introducing PoshC2 v4.8 - includes C# dropper, task management and more! - Part One

/

Monday 1 April 2019

We recently released version 4.8 of PoshC2 Python, which includes…