SPEAR – Redirect to SMB
Apr14

We’ve uncovered a new technique for stealing sensitive login credentials from any Windows PC, tablet or server, including ones running previews of the yet-to-be-released Windows 10 operating system. Software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec can be exploited using this vulnerability, which we have dubbed Redirect to SMB. Carnegie Mellon University CERT disclosed the vulnerability...

[PentesterLab Exercise] Outbound XML Entity Exploitation

Introduction: This course details the exploitation of an XML entity bug in the Play framework. This issue can be used to retrieve arbitrary files and list the content of arbitrary directories. The interesting thing about this bug is that it’s completely transparent and can stay (and stayed) unnoticed for a long time. To find this bug in a black-box test, you need to know what you are looking for. If you want to go ahead without...

Windows Networks Group Policy Hijacking Attacks

For those of you that didn’t make it to SyScan ‘15 last week, this is a blog post version of the presentation I gave about the vulnerabilities I found in group policy that resulted in Microsoft releasing MS15-011 and MS15-014 in February. These bulletins resolve issues in Microsoft’s group policy engine that allow remote code execution at SYSTEM level if an attacker can intercept network traffic from a domain-joined system. The full...

Top 5 Linux and Windows privilege escalation scripts

There are several Linux and Windows privilege escalation scripts freely available online. Here are the top 5 I found: Basic Linux Privilege Escalation (g0tmi1k); Windows Privilege Escalation – a cheatsheet (Tim Arneaud); Linux/Unix privileges from a blackhat’s perspective; Automated Unix Privilege Escalation Check (pentestmonkey); Automated Windows Privilege Escalation Check...

Smashing The Browser: From Vulnerability Discovery To Exploit

Part 1: Browser Fuzzing Technology. This part will first introduce a fuzzer framework (StateFuzzer) developed by myself as well as the fuzzing strategies behind it, then conclude with some effective fuzzing ideas and related vulnerabilities based on results of the fuzzer. Part 2: Advanced Browser Exploitation Techniques. This part will first briefly introduce the security model of modern browsers as well as the combat between exploit and...

Android Installer Hijacking Vulnerability Could Expose Android Users to Malware

Researchers at Palo Alto Networks have discovered a widespread vulnerability in Google’s Android OS, “Android Installer Hijacking,” estimated to impact 49.5% of all current Android users. Android Installer Hijacking allows an attacker to modify or replace a seemingly benign Android app with malware, without user knowledge. This only affects applications downloaded from third-party app stores. The malicious application can gain full...
