Blog - LRQA Nettitude Labs

Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393

We recently discovered a new and quietly released Windows kernel exploitation defence. Exploiting a kernel bug by setting the pointer to the SecurityDescriptor to NULL in the header of a process object running [...]

By Kyriakos Economou|2016-10-13T13:15:25+00:00October 13, 2016|

From macro to malware – a step by step analysis

We recently received an email which contained a malicious Word macro. Usually, the only thing that changes between malicious Office macros is the obfuscation that is used; e.g. changing variable names and splitting text strings. This [...]

By Kyriakos Economou|2016-10-03T15:42:50+00:00October 3, 2016|

DerbyCon 2016 CTF Write Up

We’ve just got back to work after spending a fantastic few days in Kentucky for DerbyCon 2016. As with previous years, there was an awesome CTF event, so we thought it’d be rude [...]

By Spicy Weasel|2016-09-27T23:24:35+00:00September 27, 2016|

ZeroPress – A WordPress Vulnerability Hunter

Finding WordPress plugin vulnerabilities is like shooting fish in a barrel. Like taking candy from a baby. Like… you get the idea. Quick wins are good wins and there’s nothing like easy remote [...]

By Chris|2016-09-16T14:53:25+00:00September 16, 2016|

Rocktastic: a word list on steroids

Bigger isn’t always better, but sometimes it is. If you need a huge word list before you hit those mask attacks, we’ve got you covered. We call it Rocktastic. When you absolutely, positively, [...]

By Nettitude Labs|2016-09-08T12:40:58+00:00September 8, 2016|

Introducing 'XSS Payloads' repository: Cross Site Scripting doesn't have to be boring

Sometimes, particularly when dealing with a system perimeter, there’s very little attack surface to deal with. You may find yourself with not much more than boring old XSS to poke at. We feel your pain. [...]

By Chris|2016-09-02T12:51:01+00:00September 2, 2016|

What is the jailbreak for iOS 9.3.3 actually doing?

Many people who jailbreak their devices are unaware of the vulnerabilities being exploited in order to gain privileged access to the underlying iOS operating system. Users typically jailbreak devices in order to install [...]

By Nettitude Labs|2016-08-26T11:50:52+00:00August 26, 2016|

Nettitude Labs release PoshC2 v1.0, a command and control framework

PoshC2 is a proxy aware command and control framework written completely in PowerShell. It is designed to aid penetration testers with red teaming, post-exploitation and lateral movement. […]

By Ben Turner|2016-07-12T14:04:51+00:00July 12, 2016|

QNAP Android: Don't Over Provide

The QNAP Android applications Qnotes 1.1.8.0128 and Qget 2.0.1.1029 suffer from unintended data leakage. A malicious process can use this vulnerability to gain access to cached data and logon credentials for the back-end [...]

By Mark Woods|2016-06-07T09:45:43+00:00June 7, 2016|

Escaping the Avast sandbox

An Avast Sandbox escape, CVE-2016-4025, is possible due to a design flaw in the Avast DeepScreen feature. It is likely that this flaw will remain in supported Avast products for some time. […]

By Kyriakos Economou|2016-04-19T10:42:05+00:00April 19, 2016|