privilege escalation SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.
research What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.
research When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360) Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.
penetration testing Avoiding SMB Rate Limits During Authentication Attacks Here's a quick workaround for when you get rate limited during a password attack against the SMB service.
ciso Automated Penetration Testing: 5 Benefits for CISOs Automation is a potential game-changer for offensive security in 2020. Let's explore some of the benefits for CISOs.
penetration testing Penetration testing... on a new level vPenTest simplifies the process of identifying new threats within your environment on an on-going basis without the traditional challenges and concerns.
post-exploitation Post-Exploitation with Leprechaun Finding valuable data during post-exploitation can be a challenge. Leprechaun helps solve this problem.
penetration testing Taking Over IPv6 Networks Let's take a deeper look at how rogue DHCPv6 servers can lead to a successful attack against IPv6 networks.
physical security Preparing for Your First Physical Penetration Test Conducting a physical penetration test for the first time can be an intimidating process. Read more on how to properly prepare.
