BMC Patrol Agent – Domain User to Domain Admin

Domain User to Domain Admin Knowing the difference between user authentication and authorization when designing secure software can be extremely important to avoid common security pitfalls. Often times application software vendors subvert the overall security imposed by the operating system and domain by not properly authenticating or checking the authorization of a user [...]

By |2019-01-18T17:37:28+00:00December 17th, 2018|PENTESTING|0 Comments

serviceFu

serviceFu In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer had invested significant time and effort into [...]

By |2018-10-08T12:20:09+00:00October 7th, 2018|PENTESTING|0 Comments

A Less Dirty Cow

BACKGROUND I recently came across several RHEL 6.x systems during a penetration test our team was performing for a customer. We had gained user level access on these machines and began enumerating privilege escalation possibilities. Given the somewhat recent discovery of the Dirty Cow vulnerability and what appears to be a manual patching [...]

By |2017-01-29T23:46:20+00:00January 28th, 2017|EXPLOITS, PENTESTING|1 Comment

Smart Phishing – Defeating Email Sandboxes

I decided to mix things up a little bit and do a blog post on something a little different than the usual vulnerability research or CTF write-ups. The bulk of our day job is focused on performing long term external assessments on customer networks, so I thought it might be useful to [...]

By |2017-01-28T15:56:08+00:00September 26th, 2016|PENTESTING|0 Comments