by Dylan Ross | Sep 29, 2022 | Exploits, News, Web
During a security assessment, we sometimes need to think outside of the box in order to find interesting and impactful exploits. To aid us in this, we can use protocol standards as a roadmap to assumptions that may be built into a piece of software. Oftentimes,...
by Ángel Suárez-Bárcena Martín | Feb 17, 2022 | Exploits, Featured, Labs, News, Newsletter, Techniques, Uncategorized
In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are...
by Roman Faynberg | Apr 12, 2021 | Exploits, Featured, News, Techniques
You might have taken all the right steps to secure a corporate Windows workstation: your users are not running as local admins, endpoint protection is in place, service ACLs and file permissions are locked down, etc. Yet there is still a frequently overlooked...
by Aidan Noll | Apr 16, 2020 | Exploits, Labs, News, Techniques, Tools
Intro – GraphQL GraphQL (GQL) is a popular data query language that makes it easier to get data from a server to a client via an API call. GQL is commonly deployed as a critical piece of the technology stack for modern web and mobile applications, and as a...
by Danny Rosseau | Jan 13, 2020 | Exploits, IOT, Labs
Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
