OUR LATEST RESEARCH
CVE-2022-23270 – Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 2)
Following yesterday's Microsoft VPN vulnerability, today we're presenting CVE-2022-23270, which is another Windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering and fuzzing the raspptp.sys kernel driver. This presents attackers with [...]
CVE-2022-21972: Windows Server VPN Remote Kernel Use After Free Vulnerability (Part 1)
CVE-2022-21972 is a Windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering the raspptp.sys kernel driver. The vulnerability is a race condition issue and can be reliably triggered through sending crafted [...]
Introducing SharpWSUS
Today, we're releasing a new tool called SharpWSUS. This is a continuation of existing WSUS attack tooling such as WSUSPendu and Thunder_Woosus. It brings their complete functionality to .NET, in a way that can be [...]
Introducing MalSCCM
During red team operations the goal is often to compromise a system of high value. These systems will ideally be segmented from the wider network and locked down to prevent compromise. However, the organisation still [...]
Repurposing Real TTPs for use on Red Team Engagements
I recently read an interesting article by Elastic. It provides new analysis of a sophisticated, targeted campaign against several organizations. This has been labelled 'Bleeding Bear'. The article's analysis of Bleeding Bear tactics, techniques and [...]