About b0yd (Edit profile)

This author has not yet filled in any details.
So far b0yd has created 0 blog entries.

PreAuth RCE on Palo Alto GlobalProtect Part II (CVE-2019-1579)

Background Before I get started I want to clearly state that I am in no way affiliated, sponsored, or endorsed with/by Palo Alto Networks. All graphics are being displayed under fair use for the purposes of this article. I recently encountered several unpatched Palo Alto firewall devices during a routine red team [...]

By |2019-09-18T02:36:51+00:00September 10th, 2019|BUG BOUNTY, EXPLOITS|0 Comments

POC or Stop The Calc Popping Videos – CVE-2017-9830 – CVE-2019-7839

POC or STOP THE CALC POPPING VIDEOS As a red teamer / penetration tester / bug bounty hunter, I get exposed to a wide range of software products while performing customer engagements. Often times we find systems running outdated or unpatched services with publicly disclosed vulnerabilities only to find a video popping [...]

By |2019-08-03T15:14:01+00:00August 3rd, 2019|EXPLOITS, PENTESTING|0 Comments

HTTP screenshots with Nmap, Chrome, and Selenium

HTTP screenshots with Nmap, Chrome, and Selenium Several months back I tweeted out a gist of a simple website screenshot python script I wrote as an attempt to fill a gap in tooling that I couldn't seem to find anywhere. The options I was presented with were either too complex, inconsistent, or outdated. [...]

By |2019-06-15T21:08:55+00:00June 11th, 2019|PENTESTING, SECURIFERA|3 Comments

BMC Patrol Agent – Domain User to Domain Admin

**Important -  thanks to a nice cease and desist letter from BMC, I am obliged to explicitly state that Securifera is in no way affiliated, sponsored, or endorsed with/by BMC. All graphics produced are in no way associated with BMC or it's products and were created solely for this blog post. All uses of [...]

By |2019-03-18T01:36:12+00:00December 17th, 2018|PENTESTING|1 Comment

Metasploit Community CTF 2018 Writeup

Last weekend I participated in the 2018 Metasploit Community CTF. It was a nice break from the Jeopardy style, exploitation heavy CTFs I tend to play in. The setup included two vulnerable VMs, 1 windows, 1 linux ( with a bunch of dockers), and one Kali attack VM. This was the first Metasploit CTF [...]

By |2018-12-10T07:25:59+00:00December 10th, 2018|CTF|0 Comments

AMD Gaming Evolved (Raptr – Plays.tv) Remote File Execution

Background For anyone running an AMD GPU from a few years back, you've probably come across a piece of software installed on your computer from Raptr, Inc. If you don't remember installing it, it's because for several years it was installed silently along-side your AMD drivers. The software was marketed to the gaming [...]

By |2018-10-07T23:38:07+00:00April 15th, 2018|EXPLOITS|0 Comments

Flare-On 4 Challenge 11 Writeup

Flare-On 4  Challenge 11 Writeup For the last several weeks, I've been working through this year's Flare-On competition put on by FireEye. There was a broad range of challenges across various technologies with varying degrees of difficulty. I got to try out a few new tools and really enjoyed working through [...]

By |2017-10-16T03:58:44+00:00October 16th, 2017|CTF|0 Comments

DEFCON CTF 2017 – Divided Writeup

DIVIDED A little over a month ago, LegitBS held the qualifier for this year's DEF CON CTF. As the competition was nearing a close, the organizers released an atypical pwnable challenge, a Windows binary. There are only a handful of CTFs that tend to release Windows exploitation challenges and there is minimal [...]

By |2017-06-18T04:21:26+00:00June 18th, 2017|CTF, EXPLOITS|0 Comments

A Less Dirty Cow

BACKGROUND I recently came across several RHEL 6.x systems during a penetration test our team was performing for a customer. We had gained user level access on these machines and began enumerating privilege escalation possibilities. Given the somewhat recent discovery of the Dirty Cow vulnerability and what appears to be a manual patching [...]

By |2017-01-29T23:46:20+00:00January 28th, 2017|EXPLOITS, PENTESTING|1 Comment