Everlasting ROBOT: the Marvin Attack
Abstract. In this paper we show that Bleichenbacher-style attacks onRSA decryption are not only still possible, but also that vulnerable implementations are common. We have successfully attacked multiple implementations using only timing of decryption operation and shown thatmany others are vulnerable. To perform the attack…
A Hands-On Introduction To Insecure Deserialization
The OWASP Top Ten 2017 lists A8:2017-Insecure Deserialization as one of the Top Ten most critical security risks to web applications. This article aims at explaining the risk posed by a similar vulnerability and a typical attack vector against it, by hands-on approach. Before understanding…
Abusing COM & DCOM objects
IntroductionNowadays organization’s security members became familiar with most of popular lateral movements techniques, which makes red teaming more difficult, therefor applying the latest techniques of initial access and lateral movements is a crucial for a successful attack, in this paper we will cover some aspects…
Exploiting DLLs A guide to DLL Hijacking
Abstract As per the recent statistics available Windows still remains the most used operating system for digital devices. Almost 77% of the computers today run Windows operating system. With its GUI based implementation and ease of compatibility with most of the available software, Windows is…
SMB Enumeration & Exploitation & Hardening
IntroductionWhat is SMB?SMB (Server Message Block) is a network protocol for accessing files, printers and other deviceson the network. Server Message Block provides file sharing, network browsing, printing services,and interprocess communication over a network. Most usage of SMB involves computersrunning Microsoft Windows, where it was…
Bypass Certificate Pinning in modern Android application via custom Root CA
I. IntroductionThis document is intended to provide detailed instructions for bypass certificate pinning via custom Root CA. It covers all the required topics for understanding this method. The proof of concept will help visualize and perform bypass certificate pinning, specially in modern applications now and…
I Got My EyeOn You Security Vulnerabilities in D Link’s Baby Monitor
D-Link EyeOn Baby Monitor DCS-825L allows you to watch over your baby with HD video quality day or night and receive sound and motion alerts to notify you when your baby is restless or has woken up. You can soothe your baby to sleep with…
Active Directory DCSync
INTRODUCTIONIn many environments Domain Controller and Active Directory are used to manage the network, users and computers. The organizations often need the existence of more than one Domain Controller for its Active Directory. For keeping an environment with more than one Domain Controller consistent, it…
From Zero Credentials to Full Domain Compromise
INTRODUCTIONThis paper will cover techniques a pen-testers can use in order to accomplishinitial foothold on target networks and achieve full domain compromise withoutexecuting third party apps or reusing clear text credentisla. We will utilize how adefault Windows environment acts when IPv6 is enabled (which is…
CVE 2017-5689 Manually Exploiting Intel AMT Vulnerability
I. Introduction Intel AMT i.e. Intel Active Management Technology is a firmware that allows remote access to a computer’s hardware. It is intended for system admins to remotely fix, manage, update certain business computers, desktops, servers, and even smart vending machines. This technology is largely…
Stay connected