Flipper Zero Experiments – Sub-GHz
“The quieter you become, the more you are able to hear.” This is the tagline associated with Kali Linux, a Linux distribution used by security researchers, penetration testers, and hackers alike. In the [...]
ETWHash – “He who listens, shall receive”
ETWHash is a small C# tool used during Red Team engagements, that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods. GitHub: https://github.com/nettitude/ETWHash Microsoft ETW (Event [...]
Creating an IR Nightmare Drop Box
A common objective of physical assessments is placement of a drop box to establish communication out of the network environment. A few years ago, the choices were limited to NUC or a Raspberry [...]
Using LoRa as a Side Channel
This article will focus on using a LoRa to create a side channel using a public LoRa infrastructure. By using a gateway and endpoints defined in a LoRa network service, it is possible [...]
I Don’t Need a Badge – Lessons Learned from Physical Social Engineering
A covert entry assessment is a physical security assessment in which penetration testers try to gain access to sensitive or valuable data, equipment, or a certain location on a target site, without being [...]
Introducing Aladdin
Introducing Aladdin, a new tool and technique for red teamers to bypass misconfigured Windows Defender Application Control (WDAC) and AppLocker. Aladdin exploits a deserialisation issue over .NET remoting in order to execute code [...]
Exploiting Network Security Cameras: Understanding and Mitigating the Risks
Security cameras are an important tool for protecting homes and businesses. While they provide valuable assurance for physical assets, they also often expose interfaces that allow users to manage the device over the [...]
CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise
Nettitude recently conducted a penetration test for a customer who used Rocket TRUfusion Enterprise within their external infrastructure. Two high severity vulnerabilities were identified, including an authentication bypass issue and Server-Side Request Forgery [...]
Avoiding Detection with Shellcode Mutator
Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often [...]
CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
Download PwnlyOffice GitHub: https://github.com/nettitude/pwnlyoffice Background About 18 months ago, I was conducting a pentest of a document management platform. It was designed with the goal of providing a secure document storage and sharing [...]