- 17 Jan 2020
Misadventures in AWS
This article details manual techniques for AWS security assessment and privilege escalation during penetration testing. The approach involves generating temporary access keys for multiple AWS roles and systematically collecting data across different accounts using AWS CLI tools. The methodology demonstrates how an attacker with limited initial access can enumerate AWS resources, analyze IAM policies, and potentially escalate privileges within an AWS environment.
- 24 Dec 2019
Hackin' around the Christmas tree
A vulnerability was discovered in the Abis HD6000+ SMART Android projector that allows remote code execution on the local network. The vulnerability stems from an unauthenticated HTTP endpoint on port 9909 that enables command execution. An attacker can potentially escalate the attack to a wide-area network remote code execution scenario using WebRTC techniques.
- 20 Dec 2019
Opening Up the Samsung Q60 series smart TV
A technical analysis was conducted on the Samsung Q60 series smart TV, exploring its hardware, firmware, and network services through detailed reverse engineering techniques. The investigation involved board-level analysis, extracting and examining the eMMC flash memory, and investigating the proprietary VDFS filesystem. Multiple approaches were used to understand the TV's internal architecture, including examining debug ports, firmware upgrade processes, and network services.
- Krzysztof Marciniak
- 11 Dec 2019
Digital lockpicking - stealing keys to the kingdom
A security analysis of the KeyWe Smart Lock revealed critical vulnerabilities in its Bluetooth Low Energy communication protocol. The lock's in-house key exchange mechanism allows attackers to easily intercept and decrypt device communications by exploiting a predictable common key generation process. By analyzing the mobile application and BLE traffic, the vulnerability in the lock's cryptographic design was exposed.
- Craig Koorn
- 4 Dec 2019
AWS: Such auspices are very hard to read
awspx is a proof-of-concept tool designed to visualize and analyze complex AWS access management relationships. The tool helps identify potential attack paths by mapping out resource interactions and effective access within AWS cloud infrastructure. It addresses the challenge of understanding intricate AWS policy interactions by creating a graph-based representation of resource and action relationships.
- Ken Gannon
- 20 Nov 2019
Uncommon SQL Database Alert - Informix SQL Injection
An authenticated SQL injection vulnerability was discovered in the Cisco UCM administrative portal using Informix SQL. Custom techniques were developed to enumerate database tables, users, and sensitive information when standard SQLMap tools failed. The research involved creating specialized scripts to exploit the vulnerability by bypassing security restrictions in the database.
- 15 Nov 2019
Prince of the Honeycomb
A critical heap-buffer overflow vulnerability was discovered in Prince XML, a PDF conversion tool used by the Honeycomb application. The vulnerability was found through fuzzing and binary analysis of TIFF image parsing code. By crafting a malicious TIFF file, an attacker could potentially achieve remote command execution when processing specially crafted image files.
- 6 Nov 2019
OU having a laugh?
A novel attack technique exploits Group Policy Object (GPO) processing in Active Directory by manipulating the gpLink attribute. An attacker with OU modification rights can redirect GPO resolution to a rogue domain controller, potentially compromising computers and users within that OU. The attack leverages default Active Directory configurations and can be executed with minimal domain user permissions.
- 1 Nov 2019
Automating Pwn2Own with Jandroid
Jandroid is an automated tool designed to help identify potential logic bugs in Android applications. The tool uses configurable templates to analyze APK files, searching for specific patterns in Android manifests and code. By reducing manual analysis effort, Jandroid enables semi-automatic detection of exploitable vulnerabilities in mobile applications.
- Mateusz Fruba
- 21 Aug 2019
How Secure is your Android Keystore Authentication?
This article explores vulnerabilities in Android Keystore authentication mechanisms for local device security. Multiple security weaknesses were identified in how developers implement biometric and keystore authentication in Android applications. Frida scripts were developed to help security professionals audit and test the robustness of Android application authentication implementations.
- Oliver Simonnet
- 8 Aug 2019
Getting Real with XSS
This article provides a comprehensive guide to practical Cross-Site Scripting (XSS) attacks in modern web applications. It explores technical challenges such as innerHTML limitations, Content Security Policy (CSP) restrictions, and techniques for bypassing browser security controls. The guide demonstrates how to craft meaningful XSS payloads that go beyond simple alert demonstrations.
- 22 Feb 2019
3D Accelerated Exploitation
The presentation explores the 3D Acceleration feature in VirtualBox as a rich vulnerability research target. Open-source accessibility makes VirtualBox attractive for novice security researchers. The talk discusses exploitation primitives within 3D Acceleration that could potentially enable virtual machine escape without traditional shellcode execution.