Using PoolTags to Fingerprint Hosts

Commonly, malware will fingerprint the host it executes on, in an attempt to discover more about its environment and act accordingly. Part of this process is quite often dedicated to analyzing specific data in order to figure out if the malware is running inside a VM, which could just be a honeypot or an analysis […]

CVE-2018-13442: SolarWinds NPM SQL Injection

A SQL injection vulnerability has been discovered in SolarWinds’ Network Performance Monitor (NPM). This vulnerability has been designated CVE-2018-13442. SolarWinds NPM is one of the most widely used network monitoring tools available in the current market. It provides features such as availability monitoring, network discovery, health status, performance monitoring, and bandwidth analysis in order to […]


CVE-2017-16245 & CVE-2017-16246: Avecto Defendpoint Multiple Vulnerabilities

Avecto Defendpoint is an endpoint protection product which, according to the Avecto website, will: “Prevent breaches without hindering productivity. Avecto combines best-in-class privilege management and application control, making admin rights removal simple and scalable across desktops and servers to ensure security and compliance.” This post focuses on the “application control” aspect of Avecto. Last year […]


Python Server for PoshC2

We are delighted to announce the release of our PoshC2 Python Server, allowing cross-platform support. Over the past six months we have been working on a Python server for PoshC2, which allows it to be run on almost any Unix or Windows based system that is capable of running Python. We have thoroughly tested the […]

COM and the PowerThIEf

Recently, Component Object Model (COM) has come back in a big way, particularly with regards to it being used for persistence and lateral movement. In this blog we will run through how it can also be used for limited process migration and JavaScript injection within Internet Explorer. We will then finish with how this […]

CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities

We have recently disclosed a list of vulnerabilities to Sophos that allow local attackers to elevate their privileges and execute code in the security context of the SYSTEM user account.

Affected Products
SafeGuard Enterprise 8.00.4 and earlier (Fix: install 8.00.5)
SafeGuard Easy 7.00.2.35 and earlier (Fix: install 7.00.3)
SafeGuard LAN Crypt 3.95.1.13 and earlier (Fix: […]