OUR LATEST RESEARCH
Introducing Process Hiving & RunPE
Download our whitepaper and tool. This blog is a condensed version of a whitepaper we've released, called "Process Hiving". It comes with a new tool too, "RunPE". You can download these at the links [...]
CVE-2020-26153: Event Espresso Core – Cross Site Scripting
Nettitude have identified a Cross Site Scripting (XSS) vulnerability within Event Espresso Core. Event Espresso is a WordPress plugin which provides online event registration and ticket management. Versions 4.10.6.p and below allow remote attackers to [...]
PoshC2 – Introducing Native macOS Implants
Over the past few years, we have seen an increase in the number of macOS environments we are asked to assess. While PoshC2 has “supported” macOS by way of Python since the very early days, [...]
VM Detection Tricks, Part 3: Hyper-V RAW Network Protocol
This month's virtual machine detection trick involves detecting the presence of the Hyper-V RAW network protocol. This protocol is a special type of winsock protocol that is utilized by many of the guest features, allowing [...]
VM Detection Tricks, Part 2: Driver Thread Fingerprinting
This year we're documenting a series of new and as-yet undocumented VM detection tricks. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms. [...]