Author: Nils Emmerich | insinuator.net
The VERTIV Avocent AutoView switches are analog keyboard, video, and mouse (KVM) switches used in data center servers. They also expose a web server in the network, which allows for some configuration. During a penetration test for a customer, a device of this type was identified in the infrastructure and analyzed, revealing an authentication bypass in the web application. The applic ...| Insinuator.net
With the rise of AI assistance features in an increasing number of products, we have begun to focus some of our research efforts on refining our internal detection and testing guidelines for LLMs by taking a brief look at the new AI integrations we discover. Alongside the rise of applications with LLM integrations, an increasing […]| Insinuator.net
We are back from Black Hat USA, where we presented our research on Windows Hello for Business (Slides) once more. In the last two blog posts, we have discussed the architecture of WHfB and past attacks, as well as how the database works and how to swap identities in the database. First, a few words regarding my experience at Black Hat: for me, it was the first time attending the confere ...| Insinuator.net
The #TROOPERS25 'AD & Entra ID Security' track was a blast – as was the whole conference ;-) – bringing together some of the smartest researchers in the field and a great audience of practitioners willing to share their experiences during the roundtable. The slides of the talks have been released in the interim on the TROOPERS website, but since many speakers published additional blogpost ...| Insinuator.net
The purpose of this blog post is to explain how Secure Boot works. In particular, we will explain where current implementations of Secure Boot by Linux distributors fall short compared to Microsoft Windows and Apple macOS. Major distributors like Canonical, Debian, openSUSE, and Red Hat place a high priority on making their operating systems work out of the box. Given the current Linux land ...| Insinuator.net
In the last blog post, we discussed the full authentication flow using Windows Hello for Business (WHfB) with face recognition to authenticate against an Active Directory with Kerberos and showcased existing and new vulnerabilities. In this blog post, we dive into the architectural challenges WHfB faces and explore how we can exploit them. The majority […]| Insinuator.net
Many Linux hardening guides focus on well-known protections: full-disk encryption, Secure Boot, and password-protected bootloaders. While these measures are critical, they often overlook a subtle but serious attack vector: the ability to drop into a debug shell via the Initial RAM Filesystem (initramfs). This oversight can enable an attacker with brief physical access to bypass conventional bo ...| Insinuator.net
Windows Hello for Business is a key component of Microsoft’s passwordless authentication strategy. It enables user authentication not only during system sign-in but also in conjunction with new and advanced features such as Personal Data Encryption, Administrator Protection, and Recall. Rather than depending on traditional passwords, Windows Hello leverages a PIN or biometric methods – […]| Insinuator.net
Important note: Some media coverage on this topic falsely or inaccurately depicts the attack conditions. To be clear: Any vulnerable device can be compromised if the attacker is in Bluetooth range. During our research on Bluetooth headphones and earbuds, we identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). In this blog post, we briefly want ...| Insinuator.net