0161 513 0960
ExploitDev: WOOCOMMERCE PHP Object Injection
RIPS published details for a PHP object injection vulnerability affecting the WooCommerce WordPress...
Using NetBeans GUI Designer to Make Pretty Burp Extenders
In this tutorial I will provide you with a straightforward process that will get you in a position...
Using Machine Account Passwords During an Engagement
Introduction Of the many advancements in red teaming over the last 12 months, the development of...
Uploading Files to RDP, NVC, or Anywhere You Can Type
RDPUpload is a tool which implements an old technique for uploading files in python. There is...
SSRS Attacks Part 2 - Building an Empire
In part 1, we looked at dynamically extracting table data from a compromised SSRS server. We...
SSRS Attacks Part 1 - Dynamic Data Extraction
SQL Server Reporting Services (SSRS) is a reporting engine designed to allow creation, publication...
SoHopelessly Broken 0-day Strategy
In July we sent 4 of our team to Defcon with the intention of tackling whatever contests we could...
Setting Service Principal Names to Roast Accounts
As a continuation of our previous post, we wanted to discuss another technique that can help during...
Pandwarf in a KALI VM on a Windows Host
Secarma are getting more requests from customers for product reviews, radio frequency analysis and...
Is Dynamic Data Exchange (DDE) Injection a Thing?
This month our old friend Dynamic Data Exchange (DDE) within Microsoft’s office suite has been...
In (Zero) Days Gone By - Part 1 - Magento Unauthenticated SQLI (CVE-2011-4781)
Theorizing that one could dredge up old vulnerabilities and blog about them, Sam Thomas stepped...
INDUSTROYERS
Recently the world was introduced to ‘Industroyer‘, a malware variant with a focus on compromising...
