OUR LATEST RESEARCH
CVE-2018-12897: Solarwinds Dameware Mini Remote Control Local SEH Buffer Overflow
Dameware Mini Remote Control (MRC) is a remote administration utility allowing remote access to end user devices for a variety of purposes. You can often find it among the plethora of toolkits used by system [...]
Introducing Scrounger – iOS and Android mobile application penetration testing framework
Scrounger is a modular tool designed to perform the routine tasks required during a mobile application security assessment. Scrounger conveniently brings together both major mobile operating systems - Android and iOS - into a single [...]
Extending C2 Lateral Movement – Invoke-Pbind
Invoke-Pbind is a mini post exploitation framework written in PowerShell, which builds C2 communications over SMB named pipes using a push rather than a pull mechanism. Pbind was initially created to overcome lateral movement problems, [...]
Using PoolTags to Fingerprint Hosts
Commonly, malware will fingerprint the host it executes on, in an attempt to discover more about its environment and act accordingly. Part of this process is quite often dedicated to analyzing specific data in order [...]
CVE-2018-13442: SolarWinds NPM SQL Injection
A SQL injection vulnerability has been discovered in SolarWinds’ Network Performance Monitor (NPM). This vulnerability has been designated CVE-2018-13442. SolarWinds NPM is one of the most widely used network monitoring tools available in the current [...]