Entries by Ben Turner

CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation

During a recent red team exercise, we discovered a vulnerability within the latest versions of the Symantec Management Agent (Altiris), that allowed us to escalate our privileges. Overview When the Altiris agent performs an inventory scan, e.g. software inventory scan, the SYSTEM level service re-applies the permissions on both the NSI and Outbox folders after […]

Python Server for PoshC2

We are delighted to announce the release of our PoshC2 Python Server, allowing cross-platform support. Over the past six months we have been working on a Python server for PoshC2, which allows it to be run on almost any Unix or Windows based system that is capable of running Python. We have thoroughly tested the […]