AMD Gaming Evolved (Raptr) – Remote File Execution

Background: For anyone running an AMD GPU from a few years back, you've probably come across a piece of software installed on your computer from Raptr, Inc. If you don't remember installing it, it's because for several years it was installed silently alongside your AMD drivers. The software was marketed to the gaming [...]

April 15th, 2018 | EXPLOITS

DEFCON CTF 2017 – Divided Writeup

DIVIDED: A little over a month ago, LegitBS held the qualifier for this year's DEF CON CTF. As the competition was nearing a close, the organizers released an atypical pwnable challenge, a Windows binary. There are only a handful of CTFs that tend to release Windows exploitation challenges and there is minimal [...]

June 18th, 2017 | CTF, EXPLOITS

A Less Dirty Cow

BACKGROUND: I recently came across several RHEL 6.x systems during a penetration test our team was performing for a customer. We had gained user-level access on these machines and began enumerating privilege escalation possibilities. Given the somewhat recent discovery of the Dirty Cow vulnerability and what appears to be a manual patching [...]

January 28th, 2017 | EXPLOITS, PENTESTING

Time To Patch: RCE on Meinberg NTP Time Server

During a recent vulnerability assessment for a customer, I ran across an interesting web server while enumerating network-enabled devices. Navigating to the web server presented the management interface for a Meinberg NTP Time Server. This particular hardware appliance was used to provide an accurate time source for time-sensitive applications and hardware components while [...]

July 17th, 2016 | EXPLOITS

Fun with Remote Controllers – Dameware Mini Remote Control (CVE-2016-2345)

While performing security assessments, we often come across software that allows administrators to remotely manage systems on their network. There are dozens of different packages available, with varying benefits and drawbacks. With this convenience come the obvious security implications of allowing remote access to a system. [...]

April 3rd, 2016 | EXPLOITS

MEDCIN Engine Exploitation – Part 2 (CVE-2015-2898-2901, CVE-2015-6006)

Before I dive deep into a technical write-up, I first wanted to give a quick summary of what this post is going to cover for those that may want to skip around. This article is in reference to the disclosure posted here. I'm going to start by reviewing past work [...]

January 6th, 2016 | EXPLOITS

BSIDES Charleston 2015 – IAVA 2015-A-0127 Walkthrough and POC Exploit

I recently presented "Software Vulnerability Discovery and Exploitation during Red Team Assessments" at BSides Charleston 2015 and wanted to give others the ability to follow along with the slides by testing the POC against their own virtual environment. The slides can be found on slideshare here. The [...]

November 17th, 2015 | EXPLOITS