Welcome to Nettitude Labs - LRQA Nettitude Labs

Loading A Weaponised Interactive PowerShell Session With Metasploit

PowerShell is rapidly becoming the go to post exploitation method for hackers, with a plethora of awesome PowerShell tools such as PowerSploit, PowerUp, PowerView and Nishang, to name a few. The standard PowerShell environment can [...]

By Dave Hardy and Ben Turner|April 27, 2015|

QNAP NAS – Remote Unauthenticated User to Admin Shell: Part 2

tl;dr A number of security vulnerabilities have been identified in two applications hosted on the QNAP App Center. When combined it is possible for a remote unauthenticated user to gain interactive remote administrative access and [...]

By Mark Woods|April 16, 2015|

Verizon Data Breach Report 2015

A high level summary of the main findings from the cyber security industry’s favourite data driven report. As usual, the report is an easy read packed with analysis and information that is appetising and relevant. [...]

By Ben Densham|April 15, 2015|

QNAP NAS – Remote Unauthenticated User To Admin Shell: Part 1

tl;dr A number of security vulnerabilities have been identified in two applications hosted on the QNAP App Centre. When combined, it is possible for a remote unauthenticated user to gain interactive remote administrative access and [...]

By Mark Woods|April 8, 2015|

Network Security Monitoring With Bro IDS, TCPDump And MongoDB

Bro IDS is a powerful open source network security monitoring framework which I have had the opportunity to experiment with on a network monitoring server. It can log metadata for well known protocols such as [...]

By Sam Barker|April 1, 2015|