ExploitDev: WOOCOMMERCE PHP Object Injection

RIPS published details for a PHP object injection vulnerability affecting the WooCommerce WordPr...

Using NetBeans GUI Designer to Make Pretty Burp Extenders

In this tutorial I will provide you with a straightforward process that will get you in a position t...

Using Machine Account Passwords During an Engagement

Introduction Of the many advancements in red teaming over the last 12 months, the development of Bl...

Uploading Files to RDP, NVC, or Anywhere You Can Type

RDPUpload is a tool which implements an old technique for uploading files in python. There is nothin...

SSRS Attacks Part 2 – Building an Empire

In part 1, we looked at dynamically extracting table data from a compromised SSRS server. We covere...

SSRS Attacks Part 1 – Dynamic Data Extraction

SQL Server Reporting Services (SSRS) is a reporting engine designed to allow creation, publication a...

SoHopelessly Broken 0-day Strategy

In July we sent 4 of our team to Defcon with the intention of tackling whatever contests we could fi...

Setting Service Principal Names to Roast Accounts

As a continuation of our previous post, we wanted to discuss another technique that can help during...

Pandwarf in a KALI VM on a Windows Host

Secarma are getting more requests from customers for product reviews, radio frequency analysis and h...

Is Dynamic Data Exchange (DDE) Injection a Thing?

This month our old friend Dynamic Data Exchange (DDE) within Microsoft’s office suite has been pop...

In (Zero) Days Gone By – Part 1 – Magento Unauthenticated SQLI (CVE-2011-4781)

Theorizing that one could dredge up old vulnerabilities and blog about them, Sam Thomas stepped into...

INDUSTROYERS

Recently the world was introduced to ‘Industroyer‘, a malware variant with a focus on compromisi...