PoshC2 – new features

There have been a few cool updates to PoshC2, our public Command & Control (C2) software, since we first released it. In this post, we’ll walk you through some of these new features so that you can try them out for yourself.  We encourage you to give it a go and get involved.

Four stages of the exploit kit infection chain [1]

An analysis of the RIG exploit kit

Over the last few weeks, we have observed an increase of RIG exploit kit alarms, delivering CrypMIC ransomware. This happened shortly after a major malvertising campaign, that delivered the same ransomware via the Neutrino exploit kit, was shut down by Cisco’s Talos Security Intelligence and Research Group earlier this month [1].

Windows Explorer default permissions

Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393

We recently discovered a new and quietly released Windows kernel exploitation defence. Exploiting a kernel bug by setting the pointer to the SecurityDescriptor to NULL in the header of a process object running as SYSTEM won’t work from Windows 10 v1607 (Build 14393).  If you want to know why, keep reading.

From macro to malware – a step by step analysis

We recently received an email which contained a malicious Word macro. Usually, the only thing that changes between malicious Office macros is the obfuscation that is used; e.g. changing variable names and splitting text strings. This one was different. We decided to analyse the payload and before we knew it, we were deep down the rabbit hole!

DerbyCon 2016 CTF Write Up

We’ve just got back to work after spending a fantastic few days in Kentucky for DerbyCon 2016.  As with previous years, there was an awesome CTF event, so we thought it’d be rude not to participate.  This post will provide a walk-through of some of the many interesting challenges.  

ZeroPress – A WordPress Vulnerability Hunter

Finding WordPress plugin vulnerabilities is like shooting fish in a barrel.  Like taking candy from a baby.  Like… you get the idea.  Quick wins are good wins and there’s nothing like easy remote code execution to put a smile on your face.  WordPress plugins are the gifts that keep on giving.