Vulnerability scanners using password-based auth can leak credentials and enable lateral movement. Learn risks, attack techniques, and hardening steps.| Praetorian
Learn to debug and fix your CodeQL queries. The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.| The GitHub Blog
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers! The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.| The GitHub Blog
TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati| mrT4ntr4's Blog
Overview At Black Hat and DEF CON, we demonstrated how red teams could tunnel traffic through everyday collaboration platforms like Zoom and Microsoft Teams, effectively transforming them into covert communication channels for command-and-control. That research highlighted a critical blind spot: defenders rarely block traffic to core business services because doing so would disrupt legitimate operations. […] The post Domain Fronting is Dead. Long Live Domain Fronting! appeared first on Prae...| Praetorian
Overview The Praetorian Labs team recently conducted research into potential initial access vectors for red team engagements, focusing on attack techniques leveraging malicious applications distributed through platforms like the Microsoft Store. This included OAuth applications, malicious Outlook extensions, and other types of applications that could be delivered via the Windows Store. As part of this […] The post OAuthSeeker: Leveraging OAuth Phishing for Initial Access and Lateral Movemen...| Praetorian
During summer 2024, I went on holiday and encountered multiple virtual reality (VR) arcades containing a vulnerability which allowed me to break out and pop a Windows command prompt on the arcade machine.| McCaulay
In penetration testing and red teaming, success often lies in uncovering hidden paths of least resistance. While sophisticated exploits and zero-days frequently capture headlines, highly effective attack opportunities often hide in plain sight – like within internal logging and monitoring platforms. At Praetorian, we’ve observed first-hand the value of targeting internal logging and monitoring platforms […]| Praetorian
Some months ago, while analyzing a […]| hn security
“So we wait, this is our […]| hn security
“Rebels on the rise, we have […]| hn security
In the previous article, we discussed […] The post CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 2 appeared first on hn security.| hn security
CVE-2024-49138 is a Windows vulnerability detected […]| hn security
In the last part of this […]| hn security
Read The NetSPI Agent’s take on the impact and exploitability of the regreSSHion OpenSSH vulnerability that could lead to unauthenticated RCE.| NetSPI
Part 1 of the x86_64 assembly crash course for people looking to learn how to reverse engineer, read assembly, and understand how exploits work.| Reverse Engineering
If you ever used Process Monitor to track activity of a process, you might have encountered the following pattern: The image above is a snippet from events captured by Process Monitor during the execution of x32dbg.exe on Windows 7. DNSAPI.DLL and IPHLPPAPI.DLL are persisted in the System directory, so you might question yourself: Why would … (The DLL Search Order And Hijacking It)| Malware and Stuff
The following multi-part blog series will cover how I (McCaulay Hudson) developed the mast1c0re exploit on both the PlayStation 4 and PlayStation 5.| McCaulay