Introducing Prowl
Prowl was initially designed as an in house tool to aid engagements where there's a requirement to capture email addresses from LinkedIn. Recently, it has been further developed to provide the same initial [...]
Apache mod_python for red teams
Nettitude’s red team engagements are typically designed to be as highly targeted and as stealthy as possible. For the command and control (C2) infrastructure, this means layering several techniques. We hide all of [...]
WinDbg: using pykd to dump private symbols
We’ve recently been conducting some reverse engineering and vulnerability analysis on an Anti Virus (AV) product and wanted to attach Rohitab API Monitor to one of the AV’s running processes so that I [...]
CVE-2017-7351: REDCap 7.0.0 – 7.0.10 SQL Injection
A SQL injection vulnerability exists in REDCap versions 7.0.0 - 7.0.10. This has been designated CVE-2017-7351. What is REDCap? According to https://projectredcap.org, 2018: “REDCap is a secure web application for building and managing [...]
Making PoshC2 More Accessible With a $5 VPS
Users may find it difficult to host a PoshC2 server as it requires a Windows host, either directly connected to the Internet or in a position to be NAT’d through a firewall from [...]
CVE-2019-9702: Symantec Encryption Desktop Local Privilege Escalation – Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS
Note: These vulnerabilities remain unpatched at the point of publication. We have been working with Symantec to try and help them to fix this since our initial private disclosure in July 2017 (full [...]
PoshC2 v3 with SOCKS Proxy (SharpSocks)
OVERVIEW We’ve been working on quite a few changes since the release of PoshC2 v2, our public Command & Control framework, back in December 2016. In this blog we’ll talk about the top [...]
DerbyCon 2017 CTF Write Up
The excellent Derbycon 2017 has just come to an end and, just like last year, we competed in the Capture The Flag competition, which ran for 48 hours from noon Friday to Sunday. [...]
Lifting the clouds from cloud investigations
Nettitude’s IR team recently had an opportunity to investigate a breach in a cloud environment. The client had recently adopted Office 365 in a hybrid configuration to host a range of Microsoft services [...]
CVE-2017-8116: Teltonika router unauthenticated remote code execution
We sometimes require internet connectivity in situations where a traditional connection is not easily possible. 4G routers provide an answer to this problem by providing connectivity to a variety of devices and systems [...]