
Pwn2Own – When The Latest Firmware Isn’t

For the second year running, LRQA Nettitude took part in the well-known cyber security competition Pwn2Own, held in Toronto last week. This competition involves teams researching certain devices to find and exploit vulnerabilities. [...]

November 1, 2023

Introducing Aladdin

Introducing Aladdin, a new tool and technique for red teamers to bypass misconfigured Windows Defender Application Control (WDAC) and AppLocker. Aladdin exploits a deserialisation issue over .NET remoting in order to execute code [...]

March 1, 2023

Offensive Security: From OSCE to OSCE3

OSCE3 (Offensive Security Certified Expert 3) is a certification from Offensive Security which has replaced the (now retired) OSCE certification. This post explores a pentester's journey from being OSCE certified to becoming OSCE3 [...]

August 8, 2022

CVE-2020-24550: Open Redirect in Episerver Find

During the course of our work, we discovered an open redirect vulnerability in Episerver Find. This has been assigned CVE-2020-24550. The Episerver platform includes content management, e-commerce functionality, marketing automation, and search and [...]

February 11, 2021