Welcome to Nettitude Labs - LRQA Nettitude Labs

More XSS Shenanigans

In September, we released our XSS Payloads collection of scripts and they went down really well within the pen-testing community. There are lots of other fun things you can do to exploit cross site scripting and so [...]

By Iain Wallace|February 3, 2017|

Who owns your runtime?

Can mobile applications trust their own runtime environment? The answer to this burning question that has no doubt kept you awake at night is: nope. […]

By Jose Lopes|January 11, 2017|

Fun with Windows binaries – application whitelist bypass using msiexec

We were inspired by the work @subTee has done with application whitelisting. Consequently, we decided to have a hunt around for legitimate Windows binaries that can be used in nefarious ways for red teaming, breakout tests, etc. [...]

By Ben Turner|December 15, 2016|

PoshC2 – new features

There have been a few cool updates to PoshC2, our public Command & Control (C2) software, since we first released it. In this post, we’ll walk you through some of these new features so that [...]

By Nettitude Labs|December 1, 2016|

An analysis of the RIG exploit kit

Over the last few weeks, we have observed an increase of RIG exploit kit alarms, delivering CrypMIC ransomware. This happened shortly after a major malvertising campaign, that delivered the same ransomware via the Neutrino exploit kit, [...]

By Marcel Feller|October 27, 2016|