Relaying NTLM authentication over RPC
For a few years now, we, as pentesters (and probably bad guys as well), have made heavy use of NTLM relaying for privilege escalation in Windows networks. In this article, we propose adding support for the...
Yet Another Froala 0-Day XSS
Introduction: Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications [1]. Froala sanitizes the user input...
Make the most out of BloodHound
During internal assessments in Windows environments, we use BloodHound more and more to gather a comprehensive view of the permissions granted to the different Active Directory objects. If you haven’t...
101 for lateral movement detection
In case of an incident you’ll want to be ready to respond fast. Time is a crucial factor during an incident and the faster you move, the better. You want your Incident Response Team to be quick and...
Evading Static Machine Learning Malware Detection Models – Part 1: The...
Modern anti-malware products such as Windows Defender increasingly rely on the use of machine learning algorithms to detect and classify harmful malware. In this two-part series, we are going to...
Burp Extension: Copy Request & Response
Writing good reports is key in penetration tests / security assessments, since this is the final result delivered to the customer. Vulnerabilities should be described in a way so that the customer can...
Evading Static Machine Learning Malware Detection Models – Part 2: The...
In the first blog post of this series, we tested several tools for evading a static machine learning-based malware detection model. As promised, we are now taking a closer look at the EMBER dataset...
The “Volatility Triage App” for Splunk
We are proud to announce the release of our first Splunk App, which can be used to perform a first high-level analysis of Volatility’s results coming from multiple hosts....
.CH Zone Lookup Tool
Fighting cybercrime is one of the reasons Switch announced that it would publish the .ch zone. Switzerland has a law on Open-Government-Data-Strategy that follows the open-by-default strategy. The .ch zone file...
The Good Old DNS Rebinding
“This application is hosted in our internal network and not exposed to the Internet, why should we invest money and time in securing it? Our employees have access to that data anyway…” If you performed...