-
Riccardo Ancarani - 24 Jun 2020
Attack Detection Fundamentals: Initial Access - Lab #4
This article demonstrates creating a malicious Excel 4.0 Macro with Metasploit shellcode to obtain remote access on a Windows system. The lab walks through generating a Meterpreter payload, setting up a Metasploit listener, and executing the malicious macro. Memory forensics techniques using Volatility are explored to analyze the compromised host and detect stealthy code injection methods.
- 11 Jun 2020
Abusing access to mount namespaces through /proc/pid/root
Linux namespaces can be abused for privilege escalation in containerized environments. Two key attack vectors are demonstrated: creating block devices in Docker containers to bypass access controls and exploiting symlink vulnerabilities through mount and user namespaces. The research highlights potential security risks in container configurations and namespace implementations.
- 20 May 2020
Releasing the CAPTCHA Cracken
A tool called CAPTCHA Cracken was developed to bypass text-based CAPTCHAs on an Outlook Web App portal. Advanced image preprocessing techniques and browser automation with Pyppeteer were used to overcome significant CAPTCHA recognition challenges. The project demonstrated the vulnerability of traditional text-based CAPTCHAs to machine learning-based automated attacks.
- 15 May 2020
Internet Exploiter: Understanding vulnerabilities in Internet Explorer
This article provides a deep technical analysis of CVE-2020-0674, a use-after-free vulnerability in Internet Explorer's legacy JScript engine. The analysis explores the internal mechanics of the JScript interpreter, garbage collection process, and demonstrates complex exploitation techniques to bypass security mitigations. The research reveals how an attacker could potentially execute arbitrary code by manipulating memory management in the legacy JavaScript engine.
- 6 May 2020
U-Booting securely
This whitepaper analyzes security vulnerabilities and misconfigurations in U-Boot for embedded systems. It provides guidance to developers on securing hardware products against potential security compromises. The analysis is based on real-world research by hardware security experts investigating secure boot implementations.
- 1 May 2020
Bypassing Windows Defender Runtime Scanning
This article details techniques for bypassing Windows Defender's runtime memory scanning by exploiting memory permission limitations. A method was developed using PAGE_NOACCESS memory permissions to prevent detection during suspicious API calls. A custom Metasploit extension called Ninjasploit was created to implement these bypass techniques.
-
Calum Hall Luke Roberts - 17 Apr 2020
Jamfing for Joy: Attacking macOS in Enterprise
The article details multiple attack vectors against Jamf, a macOS enterprise management platform. Multiple techniques for compromising device management systems are explored, including password spraying, user enumeration, and policy abuse. An open-source Jamf Attack Toolkit was developed to demonstrate and facilitate these cybersecurity vulnerabilities.
- Emilian Cebuc
- 27 Mar 2020
How are we doing with Android's overlay attacks in 2020?
Android's Accessibility Services (AAS) can be exploited by malicious apps to perform dangerous actions on a user's device. These actions include keylogging, auto-granting permissions, reading screen content, and performing automated interactions with other apps. The article demonstrates how a malicious app can leverage AAS to potentially steal sensitive information and perform unauthorized actions without user detection.
- 10 Mar 2020
Making Donuts Explode – Updates to the C3 Framework
The C3 framework's "Exploding Donut" release introduces significant updates to cybersecurity operations. Key improvements include integration with the Covenant C2 framework and Donut for compressed shellcode generation. The ChannelLinter project was added to simplify channel development for cybersecurity professionals.
- Robert Bearsby Timo Hirvonen
- 14 Feb 2020
Rethinking Credential Theft
Physmem2profit is a novel red team tool for credential theft that bypasses traditional LSASS process monitoring. The tool allows remote extraction of credential material by exposing and analyzing physical memory without directly interacting with the LSASS process. It provides an alternative approach to credential theft by leveraging memory forensics techniques on Windows systems.
- Andrea Barisani
- 11 Feb 2020
TamaGo
TamaGo is a Go-based framework for developing secure embedded system firmware without C dependencies or complex operating systems. It provides a minimal runtime with direct hardware drivers for specific System-on-Chip platforms, enabling Go applications to run directly on bare metal hardware. The framework aims to reduce firmware attack surfaces by eliminating traditional low-level code complexities.
- Oliver Simonnet
- 7 Feb 2020
Forging SWIFT MT Payment Messages for fun and pr... research!
A proof-of-concept attack demonstrated how a fraudulent SWIFT MT103 payment message could be forged and injected directly into a message queue. By leveraging system trust relationships and compromising a Message Queue administrator's access, a payment message could be introduced upstream in the payment processing system. The attack bypassed traditional security controls by targeting the message queue infrastructure rather than payment operators or application interfaces.