POC or STOP THE CALC POPPING VIDEOS As a red teamer / penetration tester / bug bounty hunter, I get exposed to a wide range of software products while performing customer engagements. Often times we find systems running outdated or unpatched services with publicly disclosed vulnerabilities only to find a video popping [...]
Background For anyone running an AMD GPU from a few years back, you've probably come across a piece of software installed on your computer from Raptr, Inc. If you don't remember installing it, it's because for several years it was installed silently along-side your AMD drivers. The software was marketed to the gaming [...]
DIVIDED A little over a month ago, LegitBS held the qualifier for this year's DEF CON CTF. As the competition was nearing a close, the organizers released an atypical pwnable challenge, a Windows binary. There are only a handful of CTFs that tend to release Windows exploitation challenges and there is minimal [...]
BACKGROUND I recently came across several RHEL 6.x systems during a penetration test our team was performing for a customer. We had gained user level access on these machines and began enumerating privilege escalation possibilities. Given the somewhat recent discovery of the Dirty Cow vulnerability and what appears to be a manual patching [...]
During a recent vulnerability assessment for a customer, I ran across an interesting web server while enumerating network enabled devices. Navigating to the web server presented the management interface for a Meinberg NTP Time Server. This particular hardware appliance was used to provide an accurate time source for time-sensitive applications and hardware components while [...]
While performing security assessments, we often come across software that allows administrators to remotely manage systems on their network. There are dozens of different packages available, with varying benefits and drawbacks. With this convenience comes the obvious security implications that come from allowing remote access to a system. [...]
Before I dive deep into a technical write-up, I first wanted to give a quick summary of what this post is going to cover for those that may want to skip around. This article is in reference to the disclosure posted here. I'm going to start by reviewing past work [...]
I recently presented "Software Vulnerability Discovery and Exploitation during Red Team Assessments" at BSides Charleston 2015 and wanted to give others the ability to follow along with the slides by testing the POC against their own virtual environment. The slides can be found on slideshare here. The [...]
