Loading A Weaponised Interactive PowerShell Session With Metasploit

PowerShell is rapidly becoming the go-to post-exploitation method for hackers, with a plethora of awesome PowerShell tools such as PowerSploit, PowerUp, PowerView and Nishang, to name a few. The standard PowerShell environment can be quickly extended into a hacker’s delight. These ‘tools’ are written entirely in PowerShell and do not touch disk (largely) […]

QNAP NAS – Remote Unauthenticated User to Admin Shell: Part 2

tl;dr A number of security vulnerabilities have been identified in two applications hosted on the QNAP App Center. When combined, it is possible for a remote unauthenticated user to gain interactive remote administrative access and take full control of the device. Introduction In the previous blog post, it was shown that the Logitech Media Server […]

Verizon Data Breach Report 2015

A high-level summary of the main findings from the cyber security industry’s favourite data-driven report. As usual, the report is an easy read packed with analysis and information that is appetising and relevant. The key concerns centre on the age-old favourite threat scenarios of patch management and phishing attacks. An attempt to […]

QNAP NAS – Remote Unauthenticated User To Admin Shell: Part 1

tl;dr A number of security vulnerabilities have been identified in two applications hosted on the QNAP App Centre. When combined, it is possible for a remote unauthenticated user to gain interactive remote administrative access and take full control of the device. Introduction As a security professional you are constantly sharpening your skills; investigating a new […]

Network Security Monitoring With Bro IDS, TCPDump And MongoDB

Bro IDS is a powerful open source network security monitoring framework which I have had the opportunity to experiment with on a network monitoring server. It can log metadata for well-known protocols such as HTTP, DNS and SMTP, as well as extract files it sees being transferred in these protocols. It logs all its […]

CSRF And Unsafe Arbitrary File Upload In NextGEN Gallery Plugin (2.0.77.0) For WordPress

1 Introduction Please note the vulnerability detailed in this blog article was first discovered on Monday 9th March 2015, disclosed and discussed with the company concerned on March 10th and a patch was released on March 12th. 1.1 Versions and CVE Currently tested on NextGEN Gallery >=2.0.77.0 and WordPress 4.1.1 CVE-2015-1784 NextGEN Gallery WordPress: file […]