Blog

cyber security companies | penetration testing | managed security service provider | cyber security consultant
May 22, 2020

Introduction to Cutter

Cutter is a Graphical User Interface (GUI) built around the long-lived radare2 disassembler. The largest problem with radare2 is it’s usability. Whilst radare is efficient to use once mastered, it has many problems for first time users. Running pdf to ‘print disassembled function’ or aaa to analyze and auto-name all functions might seem intuitive to long time users but… Continue reading Introduction to Cutter

Read More
cyber security companies | penetration testing | managed security service provider | cyber security consultant
May 14, 2020

Capturing and Relaying NTLM Authentication: Methods and Techniques

This blog post will provide an overview of the methods available to force NTLM authentication to a rogue server, and capture or relay the credential material. These attacks can be leveraged to escalate privileges within an Active Directory domain environment. I like to look at these attacks as having 3 stages which are: Positioning a… Continue reading Capturing and Relaying NTLM Authentication: Methods and Techniques

Read More
cyber security companies | penetration testing | managed security service provider | cyber security consultant
May 11, 2020

Game Over Privileges

On Windows a privilege is the right of an account, such as a user or group account, to perform various system-related operations on the local computer. There are 36 privileges defined in the Privilege Constants although a number are used internally by the operating system. There are a number of privileges that are considered game over, in… Continue reading Game Over Privileges

Read More
cyber security audit services | penetration testing brisbane | information security consultant | pen testing
April 22, 2020

Advanced socat

socat is a general-purpose networking tool that allows the creation of two bidirectional streams. It has a large amount of support for different protocols and data sources, including OPENSSL, SOCKS4, TCP, UDP, TAP, SCTP and more. When performing a penetration test this tool can be leveraged to bypass basic firewall restrictions and transfer files across… Continue reading Advanced socat

Read More
cyber security audit services | penetration testing brisbane | information security consultant | pen testing
April 2, 2020

Making a PoC for CVE-2020-0668

Recently Clément Labro released a blog post about an arbitrary file move vulnerability he discovered. This was CVE-2020-0668 which involved abusing Service Tracing to cause an arbitrary file move with the help of symlinks.   I confirmed the vulnerability using the Google Project Zero symboliclink-testing-tools but wanted to create a standalone executable, that could be easily shipped to a… Continue reading Making a PoC for CVE-2020-0668

Read More
cyber security companies | penetration testing brisbane | managed security service provider | cyber security consultant
April 1, 2020

Exploiting ASP.NET ViewState Misconfigurations for Remote Code Execution

This post explores how an ASP.NET project incorrectly disclosing its web.config containing static keys allows for remote code execution. The common cases for exploiting this vulnerability would be if the web application has published it’s static machine keys to GitHub, such as with the example project for this post (https://github.com/ozajay0207/EGVC) or if the application has… Continue reading Exploiting ASP.NET ViewState Misconfigurations for Remote Code Execution

Read More