Loading...

Pwn2Own – When The Latest Firmware Isn’t

For the second year running, LRQA Nettitude took part in the well-known cyber security competition Pwn2Own, held in Toronto last week. This competition involves teams researching certain devices to find and exploit vulnerabilities. [...]

By |2023-11-01T12:32:20+00:00November 1, 2023|

Preventing Type Confusion with CastGuard

Built into the Microsoft C++ compiler and runtime, CastGuard is a pivotal security enhancement designed to significantly reduce the number of exploitable Type Confusion vulnerabilities in applications. Joe Bialek gave a talk about [...]

By |2023-10-18T08:30:02+00:00October 18, 2023|

Flipper Zero Experiments – Sub-GHz

“The quieter you become, the more you are able to hear.” This is the tagline associated with Kali Linux, a Linux distribution used by security researchers, penetration testers, and hackers alike. In the [...]

By |2023-06-05T15:45:58+00:00June 5, 2023|

ETWHash – “He who listens, shall receive”

ETWHash is a small C# tool used during Red Team engagements, that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods.  GitHub: https://github.com/nettitude/ETWHash Microsoft ETW (Event [...]

By |2023-05-03T13:25:20+00:00May 3, 2023|

Creating an IR Nightmare Drop Box

A common objective of physical assessments is placement of a drop box to establish communication out of the network environment. A few years ago, the choices were limited to NUC or a Raspberry [...]

By |2023-04-21T08:59:37+00:00April 21, 2023|

Using LoRa as a Side Channel

This article will focus on using a LoRa to create a side channel using a public LoRa infrastructure. By using a gateway and endpoints defined in a LoRa network service, it is possible [...]

By |2023-04-21T09:11:46+00:00April 19, 2023|

Introducing Aladdin

Introducing Aladdin, a new tool and technique for red teamers to bypass misconfigured Windows Defender Application Control (WDAC) and AppLocker. Aladdin exploits a deserialisation issue over .NET remoting in order to execute code [...]

By |2023-03-01T15:53:38+00:00March 1, 2023|
Load More Posts
Go to Top