Synack – Red Vs Fed Competition 2020

Preface Obligatory statement: This blog post is in no way affiliated, sponsored, or endorsed with/by Synack, Inc. All graphics are being displayed under fair use for the purposes of this article. Over the last few months Synack has been running a user engagement based competition called Red vs Fed. As can be deduced [...]

By |2020-06-26T17:10:43+00:00June 25th, 2020|BUG BOUNTY, EXPLOITS, PENTESTING|0 Comments

A Year of Windows Privilege Escalation Bugs

A Year of Windows Privilege Escalation Bugs Earlier last year I came across an article by Provadys (now Almond) highlighting several bugs they had discovered based on research by James Forshaw of Google's Project Zero. The research focused on the exploitation of Windows elevation of privilege (EOP) vulnerabilities using NTFS [...]

By |2020-06-13T12:05:12+00:00March 12th, 2020|BUG BOUNTY, EXPLOITS, PENTESTING|0 Comments

PreAuth RCE on Palo Alto GlobalProtect Part II (CVE-2019-1579)

Background Before I get started I want to clearly state that I am in no way affiliated, sponsored, or endorsed with/by Palo Alto Networks. All graphics are being displayed under fair use for the purposes of this article. I recently encountered several unpatched Palo Alto firewall devices during a routine red team [...]

By |2019-09-18T02:36:51+00:00September 10th, 2019|BUG BOUNTY, EXPLOITS|0 Comments