Nettitude have discovered three vulnerabilities in Carbon Black: CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569. Two of these have been patched at the time of writing.
CVE-2016-9570
Module: cb.exe (SRC-149)
Version: 22.214.171.124603
Bug Type: Read-Out-Of-Bounds
Impact: DoS
Prerequisites: Hijack NetMon Pipe
Severity: Medium
Status: Remediated
Note: The following technical details are taken from the x86 build of the Carbon Black […]
We previously covered setting up and using sysmon (System Monitor), which is part of the Sysinternals suite from Microsoft. In this article, we’ll walk through analysing the logs using Microsoft’s LogParser utility.
Background
Sysmon (short for System Monitor) has been part of the Sysinternals suite for several years. It comprises a kernel-mode driver and a Windows service that monitor system events and write them to the Windows event log. The fact that it is a kernel-mode driver gives it a significant advantage over many other monitoring agents. As […]
In September, we released our XSS Payloads collection of scripts, and they went down really well within the pen-testing community. There are lots of other fun things you can do to exploit cross-site scripting, so we’ve recently added another couple of payloads. The payloads described in this post can be found at https://github.com/nettitude/xss_payloads. recon.php Finding a […]
Can mobile applications trust their own runtime environment? The answer to this burning question that has no doubt kept you awake at night is: nope.
We were inspired by the work @subTee has done with application whitelisting. Consequently, we decided to have a hunt around for legitimate Windows binaries that can be used in nefarious ways for red teaming, breakout tests, etc.