OUR LATEST RESEARCH
Introducing FComm – C2 Lateral Movement
Over the past few years, we have found a few edge cases where the traditional lateral movement communication methods contained within PoshC2 did not suit particular client environments. To solve this problem, we have created [...]
VM Detection Tricks, Part 1: Physical memory resource maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a [...]
PoshC2 Improved HTML Reports
Red team operators need detailed and accurate C2 report output in order to conduct high quality work. Consequently, reporting has always been a key element of PoshC2. With this update, PoshC2s reporting engine has been [...]
CVE-2020-14418: madCodeHook Library Local Privilege Escalation
Nettitude discovered a vulnerability in the 'madCodeHook' third party library which caused a number of security products, including Cisco AMP and Morphisec Unified Threat Prevention Platform, to contain a local privilege escalation vulnerability. Since the [...]
CVE-2020-27708: Electronic Arts (EA) Origin – Local Privilege Escalation
We recently assessed the security posture of Electronic Arts Origin Client and discovered a privilege escalation issue that would allow a low privilege attacker to elevate privileges to NT AUTHORTY\SYSTEM. This has been recorded as [...]