Welcome to Nettitude Labs - LRQA Nettitude Labs

DerbyCon 2019 CTF Write Up

We recently returned from the always excellent DerbyCon 2019 conference. We once again competed in the 48 hour Capture The Flag competition under the team name "spicyweasel", where we were pleased to finish in second [...]

By Spicy Weasel|September 18, 2019|

Cross Site Scripting (XSS) Payload Generator

This post will help you to evade some of those tricky cross site scripting restrictions with the help of a new tool I've pushed to our XSS Payloads repository. There are times during a web [...]

By Iain Wallace|July 29, 2019|

CVE-2018-20319: Why you should always have two factor authentication on your VPN

The OpenConnect VPN client, on all supported platforms, suffered from a possible information leak that could result in an attacker with elevated local privileges obtaining plaintext credentials. This VPN security vulnerability has now been patched [...]

By Tom Wilson|June 19, 2019|

CVE-2019-7315: Genie Access WIP3BVAF IP Camera Directory Traversal

We have discovered a directory traversal vulnerability that affects Genie Access' WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera. This security vulnerability can act as the first step to full device compromise and has [...]

By Ben Hackman|May 30, 2019|

Operational Security with PoshC2 Framework

This post describes a new capability that has been deployed within PoshC2, which is designed to assist with revealing a wider set of target environment variables at the dropper stage, as part of operational security [...]

By Doug McLeod|May 23, 2019|