Labs

Take a look at our tools, presentations, and policies.

Advisories

Slides

Tools

Inzure Blog + Tool
Mallory

Disclosure Policy

Coordinated Disclosure

Whitepapers

Abusing WebViews to Steal Files via Email

by Jesson Soto Ventura | August 19, 2019 | Android, Disclosures, Exploits, Labs, Mobile | 0 Comments

A few months ago, I was testing the email functionality on a company's contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for...

Credentialed Windows Remote Code Execution techniques

by Ángel Suárez-Bárcena Martín | Feb 17, 2022 | Exploits, Featured, Labs, News, Newsletter, Techniques, Uncategorized

In this article, we’ll discuss some of the different ways we can execute arbitrary code or commands when we have already obtained Windows domain credentials, either in their plaintext form (user + password) or NTLM hashes. Even though the techniques described here are...

How we use BloodHound, and how it can help defenders: 3 ways IT analysts could use BloodHound to improve Windows domain security

by Austin Ralls | Jan 10, 2022 | Labs, News, Techniques, Tools

BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more concrete, BloodHound can answer questions such as: Who is allowed to...

Scanning SMB shares with SMBLS

by Austin Ralls | Nov 3, 2021 | Labs, News, Techniques, Tools, Uncategorized

In Carve's internal engagement service line, we simulate an attacker on a corporate network, which is usually Windows-based. We use a variety of tools to gather information, but we were frustrated by reliability, performance and logging of tools dealing with scanning...

The 5 Most Common GraphQL Security Vulnerabilities

by Aidan Noll | Apr 16, 2020 | Exploits, Labs, News, Techniques, Tools

Intro - GraphQL GraphQL (GQL) is a popular data query language that makes it easier to get data from a server to a client via an API call. GQL is commonly deployed as a critical piece of the technology stack for modern web and mobile applications, and as a result,...

Rule-Based Highlighter Plugin for BurpSuite

by Ángel Suárez-Bárcena Martín | Feb 18, 2020 | Labs, Techniques, Tools, Web

BurpSuite is one of those must-have tools when dealing with web application or API security assessments. Usually, when proxying applications through Burp, a fair amount of noise (advertising and user-tracking 3rd party services, CORS preflight checks, etc.) is also...

Owning a device with a single jump

by Danny Rosseau | Jan 13, 2020 | Exploits, IOT, Labs

Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...

« Older Entries