Background Sysmon (short for system monitor) has been part of the Sysinternals suite for several years. It comprises kernel-mode driver and a Windows service that monitors system events and writes those to Windows [...]
In September, we released our XSS Payloads collection of scripts and they went down really well within the pen-testing community. There are lots of other fun things you can do to exploit cross site scripting [...]
Can mobile applications trust their own runtime environment? The answer to this burning question that has no doubt kept you awake at night is: nope. […]
We were inspired by the work @subTee has done with application whitelisting. Consequently, we decided to have a hunt around for legitimate Windows binaries that can be used in nefarious ways for red teaming, breakout tests, [...]
There have been a few cool updates to PoshC2, our public Command & Control (C2) software, since we first released it. In this post, we’ll walk you through some of these new features [...]
Over the last few weeks, we have observed an increase of RIG exploit kit alarms, delivering CrypMIC ransomware. This happened shortly after a major malvertising campaign, that delivered the same ransomware via the Neutrino [...]
We recently discovered a new and quietly released Windows kernel exploitation defence. Exploiting a kernel bug by setting the pointer to the SecurityDescriptor to NULL in the header of a process object running [...]
We recently received an email which contained a malicious Word macro. Usually, the only thing that changes between malicious Office macros is the obfuscation that is used; e.g. changing variable names and splitting text strings. This [...]
We’ve just got back to work after spending a fantastic few days in Kentucky for DerbyCon 2016. As with previous years, there was an awesome CTF event, so we thought it’d be rude [...]
Finding WordPress plugin vulnerabilities is like shooting fish in a barrel. Like taking candy from a baby. Like… you get the idea. Quick wins are good wins and there’s nothing like easy remote [...]