A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Products Affected [...]
It has been over a year since we released the first version of SharpSocks, our proxy-aware reverse HTTP tunnelling SOCKS proxy. This post aims to provide a State of the Nation update for [...]
PoshC2 v5.0 is here and there are significant changes and improvements that we’re very excited to reveal! There's been a move to Python3, much improved documentation, significant functionality and quality of life improvements, [...]
As Cloud infrastructure has become common, it has also become common for penetration testers to find themselves attacking clients that rely on e.g. AWS or Azure environments for handling, storing, and processing critical [...]
As part of our research into threats facing the marine and offshore sector, we recently uncovered an ongoing malware campaign. It makes use of specific maritime industry related document lures, and attempts to [...]
We recently returned from the always excellent DerbyCon 2019 conference. We once again competed in the 48 hour Capture The Flag competition under the team name "spicyweasel", where we were pleased to finish [...]
This post will help you to evade some of those tricky cross site scripting restrictions with the help of a new tool I've pushed to our XSS Payloads repository. There are times during [...]
The OpenConnect VPN client, on all supported platforms, suffered from a possible information leak that could result in an attacker with elevated local privileges obtaining plaintext credentials. This VPN security vulnerability has now [...]
We have discovered a directory traversal vulnerability that affects Genie Access' WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera. This security vulnerability can act as the first step to full device compromise [...]
This post describes a new capability that has been deployed within PoshC2, which is designed to assist with revealing a wider set of target environment variables at the dropper stage, as part of [...]