DerbyCon 2019 CTF Write Up
We recently returned from the always excellent DerbyCon 2019 conference. We once again competed in the 48 hour Capture The Flag competition under the team name "spicyweasel", where we were pleased to finish [...]
Cross Site Scripting (XSS) Payload Generator
This post will help you to evade some of those tricky cross site scripting restrictions with the help of a new tool I've pushed to our XSS Payloads repository. There are times during [...]
CVE-2018-20319: Why you should always have two factor authentication on your VPN
The OpenConnect VPN client, on all supported platforms, suffered from a possible information leak that could result in an attacker with elevated local privileges obtaining plaintext credentials. This VPN security vulnerability has now [...]
CVE-2019-7315: Genie Access WIP3BVAF IP Camera Directory Traversal
We have discovered a directory traversal vulnerability that affects Genie Access' WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera. This security vulnerability can act as the first step to full device compromise [...]
Operational Security with PoshC2 Framework
This post describes a new capability that has been deployed within PoshC2, which is designed to assist with revealing a wider set of target environment variables at the dropper stage, as part of [...]
CVE-2017-18019: Privilege Escalation via a Kernel Pointer Dereference
A little while ago, I discovered a vulnerability, CVE-2017-18019, affecting a kernel driver of multiple K7 Computing security products, as well as the products of Defenx, both for Windows. Both were affected because [...]
Introducing PoshC2 v4.8 – includes C# dropper, task management and more! – Part One
We recently released version 4.8 of PoshC2, which includes a number of fixes and improvements that help facilitate simulated attacks. This is the first post in a series of posts that will include [...]
CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution
We recently identified a vulnerability in the digitally signed Bitdefender GravityZone installer. The vulnerability allows an attacker to execute malicious code without breaking the original digital signature, and without embedding anything malicious into [...]
DerbyCon 2018 CTF Write Up
We have just returned from the always amazing DerbyCon 2018 conference. We competed in the 48 hour Capture the Flag competition under our usual team name of “Spicy Weasel” and are pleased to [...]
CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation
During a recent red team exercise, we discovered a vulnerability within the latest versions of the Symantec Management Agent (Altiris), that allowed us to escalate our privileges. Overview When the Altiris agent performs [...]