Synack – Red Vs Fed Competition 2020

Preface Obligatory statement: This blog post is in no way affiliated, sponsored, or endorsed with/by Synack, Inc. All graphics are being displayed under fair use for the purposes of this article. Over the last few months Synack has been running a user engagement based competition called Red vs Fed. As can be deduced [...]

By |2020-06-26T17:10:43+00:00June 25th, 2020|BUG BOUNTY, EXPLOITS, PENTESTING|0 Comments

A Year of Windows Privilege Escalation Bugs

A Year of Windows Privilege Escalation Bugs Earlier last year I came across an article by Provadys (now Almond) highlighting several bugs they had discovered based on research by James Forshaw of Google's Project Zero. The research focused on the exploitation of Windows elevation of privilege (EOP) vulnerabilities using NTFS [...]

By |2020-06-13T12:05:12+00:00March 12th, 2020|BUG BOUNTY, EXPLOITS, PENTESTING|0 Comments

POC or Stop The Calc Popping Videos – CVE-2017-9830 – CVE-2019-7839

POC or STOP THE CALC POPPING VIDEOS As a red teamer / penetration tester / bug bounty hunter, I get exposed to a wide range of software products while performing customer engagements. Often times we find systems running outdated or unpatched services with publicly disclosed vulnerabilities only to find a video popping [...]

By |2019-08-03T15:14:01+00:00August 3rd, 2019|EXPLOITS, PENTESTING|0 Comments

HTTP screenshots with Nmap, Chrome, and Selenium

HTTP screenshots with Nmap, Chrome, and Selenium Several months back I tweeted out a gist of a simple website screenshot python script I wrote as an attempt to fill a gap in tooling that I couldn't seem to find anywhere. The options I was presented with were either too complex, inconsistent, or outdated. [...]

By |2020-01-15T20:33:40+00:00June 11th, 2019|PENTESTING, SECURIFERA|5 Comments

BMC Patrol Agent – Domain User to Domain Admin

**Important -  thanks to a nice cease and desist letter from BMC, I am obliged to explicitly state that Securifera is in no way affiliated, sponsored, or endorsed with/by BMC. All graphics produced are in no way associated with BMC or it's products and were created solely for this blog post. All uses of [...]

By |2019-03-18T01:36:12+00:00December 17th, 2018|PENTESTING|1 Comment

serviceFu

serviceFu In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer had invested significant time and effort into [...]

By |2018-10-08T12:20:09+00:00October 7th, 2018|PENTESTING|0 Comments

A Less Dirty Cow

BACKGROUND I recently came across several RHEL 6.x systems during a penetration test our team was performing for a customer. We had gained user level access on these machines and began enumerating privilege escalation possibilities. Given the somewhat recent discovery of the Dirty Cow vulnerability and what appears to be a manual patching [...]

By |2017-01-29T23:46:20+00:00January 28th, 2017|EXPLOITS, PENTESTING|1 Comment

Smart Phishing – Defeating Email Sandboxes

I decided to mix things up a little bit and do a blog post on something a little different than the usual vulnerability research or CTF write-ups. The bulk of our day job is focused on performing long term external assessments on customer networks, so I thought it might be useful to [...]

By |2017-01-28T15:56:08+00:00September 26th, 2016|PENTESTING|0 Comments