BSides Edinburgh 2017 Crypto Contest Write Up
Recently, at the inaugural BSides Edinburgh, Ben Turner and I made the trek up to Edinburgh to see our colleague Neil Lines present his talk “The Hunt for The Red DA”. I can’t say that I am [...]
Just in time for Easter, the Shadow Brokers released the latest installment of an NSA data dump, which contained an almost overwhelming amount of content - including, amongst other things, a number of [...]
Nettitude have discovered three vulnerabilities in Carbon Black; CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569. Two of these have been patched at the time of writing. CVE-2016-9570 Module: cb.exe (SRC-149) Version: 5.1.1.60603 Bug Type: Read-Out-Of-Bounds Impact: DoS Prerequisites: [...]
We previously covered setting up and using sysmon (System Monitor), which is part of the Sysinternals suite from Microsoft. In this article, we’ll walk through analysing the logs using Microsoft’s LogParser utility. […]
Background Sysmon (short for system monitor) has been part of the Sysinternals suite for several years. It comprises a kernel-mode driver and a Windows service that monitors system events and writes those to Windows [...]
In September, we released our XSS Payloads collection of scripts and they went down really well within the pen-testing community. There are lots of other fun things you can do to exploit cross-site scripting [...]
Can mobile applications trust their own runtime environment? The answer to this burning question that has no doubt kept you awake at night is: nope. […]
We were inspired by the work @subTee has done with application whitelisting. Consequently, we decided to have a hunt around for legitimate Windows binaries that can be used in nefarious ways for red teaming, breakout tests, [...]
There have been a few cool updates to PoshC2, our public Command & Control (C2) software, since we first released it. In this post, we’ll walk you through some of these new features [...]
Over the last few weeks, we have observed an increase in RIG exploit kit alarms, delivering CrypMIC ransomware. This happened shortly after a major malvertising campaign that delivered the same ransomware via the Neutrino [...]