Detecting PoshC2 – Indicators of Compromise

As a counterpart to the release of PoshC2 version 6.0 we are providing a list of some of its Indicators of Compromise (IoCs), particularly as used out-of-the-box, as well as some other effective methods for detecting it in your environment. We also introduce the new PoshC2 Detections GitHub repository at that will be continually updated […]

CVE-2019-16384, 85: Cyblesoft Thinfinity VirtualUI – Path Traversal, HTTP Header Injection

Nettitude discovered two vulnerabilities within Cyblesoft’s Thinfinity VirtualUI web application. The findings include path traversal and HTTP header injection, which could be leveraged to execute an XSS payload. Thinfinity VirtualUI enables Windows-based desktop applications to function as cross-browser, cross-device web applications, which can be run on a Windows environment or be accessed remotely from a […]

Introducing PoshC2 v6.0

We are pleased to release the latest version of PoshC2 – v6.0. Version 6.0 includes a number of significant and exciting features, in addition to the usual plethora of bug fixes and small improvements. In this blog post, we take a look at some of the more significant changes and feature rich enhancements to make […]

CVE-2019-13021, 22, 23: JETSELECT Network Segregation Application

Nettitude are disclosing three vulnerabilities discovered as part of a security assessment on board a superyacht. These vulnerabilities have now had patches published by the vendor, and an appropriate time period has elapsed to allow for a patching window aboard the vessels. JETSELECT The JETSELECT application is supplied by JetStream, a technology company specialising in […]

CVE-2019-12750: Symantec Endpoint Protection Local Privilege Escalation – Part 2

In this post we will walk you through a more sophisticated method of exploiting CVE-2019-12750.  This is a local privilege escalation vulnerability that affects Symantec Endpoint Protection.  The method of exploitation described in this post works, at the time of writing, on all versions of Windows.

CVE-2019-12750: Symantec Endpoint Protection Local Privilege Escalation – Part 1

A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host.