Welcome to Nettitude Labs

COM and the PowerThIEf

/

Tuesday 10 July 2018

Recently, Component Object Model (COM) has come back in a big…

CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities

/

Monday 25 June 2018

We have recently disclosed a list of vulnerabilities to Sophos…

CVE-2018-10956: Unauthenticated Privileged Directory Traversal in IPConfigure Orchid Core VMS

/

Thursday 14 June 2018

Affected Software: IPConfigure Orchid Core VMS (All versions…

Introducing Prowl

/

Tuesday 5 June 2018

Prowl was initially designed as an in house tool to aid engagements…

Apache mod_python for red teams

/

Thursday 31 May 2018

Nettitude’s red team engagements are typically designed to…

WinDbg: using pykd to dump private symbols

/

Wednesday 11 April 2018

We’ve recently been conducting some reverse engineering and…

CVE-2017-7351: REDCap 7.0.0 - 7.0.10 SQL Injection

/

Thursday 8 February 2018

A SQL injection vulnerability exists in REDCap versions 7.0.0…

Making PoshC2 More Accessible With a $5 VPS

/

Wednesday 31 January 2018

Users may find it difficult to host a PoshC2 server as it requires…

Advisories, Blog

Symantec Encryption Desktop Local Privilege Escalation - Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS

/

Tuesday 28 November 2017

Note: These vulnerabilities remain unpatched at the point of…