OUR LATEST RESEARCH
CVE-2020-24550: Open Redirect in Episerver Find
During the course of our work, we discovered an open redirect vulnerability in Episerver Find. This has been assigned CVE-2020-24550. The Episerver platform includes content management, e-commerce functionality, marketing automation, and search and navigation capabilities. [...]
Introducing FComm – C2 Lateral Movement
Over the past few years, we have found a few edge cases where the traditional lateral movement communication methods contained within PoshC2 did not suit particular client environments. To solve this problem, we have created [...]
VM Detection Tricks, Part 1: Physical memory resource maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a [...]
PoshC2 Improved HTML Reports
Red team operators need detailed and accurate C2 report output in order to conduct high quality work. Consequently, reporting has always been a key element of PoshC2. With this update, PoshC2s reporting engine has been [...]
CVE-2020-14418: madCodeHook Library Local Privilege Escalation
Nettitude discovered a vulnerability in the 'madCodeHook' third party library which caused a number of security products, including Cisco AMP and Morphisec Unified Threat Prevention Platform, to contain a local privilege escalation vulnerability. Since the [...]