
Carbon Black – Security Advisories: CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569

Nettitude have discovered three vulnerabilities in Carbon Black: CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569. Two of these have been patched at the time of writing.

CVE-2016-9570
Module: cb.exe (SRC-149)
Version: 5.1.1.60603
Bug Type: Read-Out-Of-Bounds
Impact: DoS
Prerequisites: Hijack NetMon Pipe
Severity: Medium
Status: Remediated
Note: The following technical details are taken from the x86 build of the Carbon Black […]


Effectively analysing sysmon logs

We previously covered setting up and using sysmon (System Monitor), which is part of the Sysinternals suite from Microsoft. In this article, we’ll walk through analysing the logs using Microsoft’s LogParser utility.

Putting attackers in hi vis jackets with sysmon

Background

Sysmon (short for System Monitor) has been part of the Sysinternals suite for several years. It comprises a kernel-mode driver and a Windows service that monitors system events and writes them to the Windows event logs. The fact that it is a kernel-mode driver gives it a significant advantage over many other monitoring agents. As […]

More XSS Shenanigans

In September, we released our XSS Payloads collection of scripts, and they went down really well within the pen-testing community. There are lots of other fun things you can do to exploit cross-site scripting, so we've recently added another couple of payloads. The payloads described in this post can be found at https://github.com/nettitude/xss_payloads. recon.php Finding a […]


Who owns your runtime?

Can mobile applications trust their own runtime environment? The answer to this burning question that has no doubt kept you awake at night is: nope.


Fun with Windows binaries – application whitelist bypass using msiexec

We were inspired by the work @subTee has done with application whitelisting. Consequently, we decided to have a hunt around for legitimate Windows binaries that can be used in nefarious ways for red teaming, breakout tests, etc.