OUR LATEST RESEARCH
Exploiting Network Security Cameras: Understanding and Mitigating the Risks
Security cameras are an important tool for protecting homes and businesses. While they provide valuable assurance for physical assets, they also often expose interfaces that allow users to manage the device over the network, presenting [...]
CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise
Nettitude recently conducted a penetration test for a customer who used Rocket TRUfusion Enterprise within their external infrastructure. Two high severity vulnerabilities were identified, including an authentication bypass issue and Server-Side Request Forgery (SSRF). These [...]
Avoiding Detection with Shellcode Mutator
Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected [...]
CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
Download PwnlyOffice GitHub: https://github.com/nettitude/pwnlyoffice Background About 18 months ago, I was conducting a pentest of a document management platform. It was designed with the goal of providing a secure document storage and sharing solution for [...]
What is Cybersquatting?
Cybersquatting is the act of registering a domain name which looks similar to a target domain in order to perform malicious activity. This includes facilitating phishing campaigns, attacking genuine visitors who mistyped an address, or [...]