Diving into pre-created computer accounts

I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template, also known as ESC1, that allowed…

The post Diving into pre-created computer accounts appeared first on TrustedSec.

ELFLoader: Another In Memory Loader Post

Intro
Now that BOFs are commonplace for Windows agents, some people have talked about wanting a non-Windows-only version. In this blog post, we've got something for you: the same thing, but for Linux/Mac. The process of building in-memory loaders is the same, no matter the file format. In this case, we'll just…

g_CiOptions in a Virtualized World

With the leaking of code signing certificates and exploits for vulnerable drivers becoming common occurrences, adversaries are adopting the kernel as their new playground. And with Microsoft making technologies like Virtualization Based Security (VBS) and Hypervisor Code Integrity (HVCI) available, I wanted to take some time to understand just how vulnerable endpoints are when faced…

Persisting XSS With IFrame Traps

XSS Iframe Traps
Longer Running XSS Payloads
An issue with cross-site scripting (XSS) attacks is that our injected JavaScript might not run for an extended period of time. It may be a reflected XSS vulnerability where we've tricked our user into clicking a link, but when they land on the page where we were able…

CVE 2022-22965 (Spring4Shell) Vulnerability

On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the…

CVE-2022-24696 – Glance by Mirametrix Privilege Escalation

When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the…

Expanding the Hound: Introducing Plaintext Field to Compromised Accounts

Introduction
When doing an Internal Penetration Test, it is not uncommon to run BloodHound at one point or another. In case you are not familiar with BloodHound, it's a tool that automatically fires off a bunch of LDAP queries and Windows API calls to collect various data in an Active Directory environment. Data can range…

Avoiding Mixed Content Errors with an HTTPS Python Server

Disclaimer: To set up a secure Python server, we need a domain name that we can access.
1. Introduction
At some point during penetration testing, bug hunting, and capture-the-flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we…
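Added example, not the TrustedSec post's own script: a minimal HTTPS file server built on Python's standard library, so that a page loaded over HTTPS can fetch a payload from it without the browser's mixed-content block. The `run_demo` helper, the self-signed certificate generated with the openssl CLI, and the constructed `index.html` are assumptions for local testing only; on an engagement you would hand `start_https_server` a CA-issued certificate for the domain the disclaimer mentions (for example Let's Encrypt's `fullchain.pem` and `privkey.pem`), because a browser will not trust a self-signed certificate and the mixed-content error would simply turn into a certificate error.

```python
"""Added example: an HTTPS file server on Python's standard library.

`python -m http.server` only speaks plain HTTP, so an HTTPS page that fetches
a file from it is blocked as mixed content. Serving the same directory over
TLS with a certificate the browser trusts avoids that. Illustrative code,
not the TrustedSec post's own.
"""
import functools
import http.server
import shutil
import ssl
import subprocess
import tempfile
import threading
import urllib.request
from pathlib import Path

# Constructed sample content for the demo; any file in the served directory would do.
INDEX_HTML = "<p>served over HTTPS, no mixed-content warning</p>\n"


def make_tls_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server-side context: TLS 1.2 or newer plus the operator's cert chain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def start_https_server(directory, certfile, keyfile, host="127.0.0.1", port=8443):
    """Serve `directory` with SimpleHTTPRequestHandler behind a TLS-wrapped socket.

    Returns the running server (serving in a daemon thread). port=0 picks a free
    port, readable afterwards from httpd.server_address[1].
    """
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(directory))
    httpd = http.server.ThreadingHTTPServer((host, port), handler)
    httpd.socket = make_tls_context(certfile, keyfile).wrap_socket(
        httpd.socket, server_side=True)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


def generate_self_signed(certfile, keyfile, hostname="localhost"):
    """Testing-only certificate via the openssl CLI (-addext needs OpenSSL 1.1.1+).

    Assumption for the demo: browsers do not trust this; use a CA-issued cert
    for a real domain on an engagement.
    """
    subprocess.run([
        "openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
        "-keyout", str(keyfile), "-out", str(certfile),
        "-subj", f"/CN={hostname}",
        "-addext", f"subjectAltName=DNS:{hostname},IP:127.0.0.1",
    ], check=True, capture_output=True)


def fetch(url: str, cafile: str) -> str:
    """Client that trusts only `cafile` and verifies the hostname, as a browser would."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return resp.read().decode()


def run_demo():
    """Serve a constructed index.html over TLS and fetch it back.

    Returns the fetched body, or None when the openssl CLI is not installed.
    """
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text(INDEX_HTML)
        cert, key = root / "cert.pem", root / "key.pem"
        generate_self_signed(cert, key)
        httpd = start_https_server(root, cert, key, port=0)
        try:
            port = httpd.server_address[1]
            return fetch(f"https://localhost:{port}/index.html", str(cert))
        finally:
            httpd.shutdown()
            httpd.server_close()


if __name__ == "__main__":
    print(run_demo())
```

For real use, run `start_https_server(".", "fullchain.pem", "privkey.pem", host="0.0.0.0", port=443)` on the host the domain resolves to and reference the payload from the HTTPS page as `https://<your-domain>/file`; the client-side `fetch` above only exists to show that a verifying client accepts the server.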

Social Engineering Basics: How to Win Friends and Infiltrate Businesses

Technology changes and defenses get better, but some things stay the same, like human gullibility, which can be easily exploited through social engineering.
What is social engineering?
Social engineering, at its core, is taking advantage of human nature. Humans are innately trusting, often try to help, and want to avoid confrontation. A big facet of social…
