reversing radare2

Radare2 - Using Emulation To Unpack Metasploit Encoders

Radare2 is an open source reverse engineering framework, and is quickly becoming one of my favourite tools when picking apart malware or looking at CTF binaries. I was recently introduced to Radare's ESIL (Evaluable Strings Intermediate Language), which is a way of representing instructions in a Forth-like language, and allows emulation of machine instructions in Radare's ESIL VM. To help understand this functionality, let's look at some examples from the radare2 book

Read More »
exploit docker

Windows Server 2016 / Docker Privilege Escalation

After catching Microsoft's talk at DockerCon discussing the recent addition of Docker container support in Windows Server 2016, I wanted to play around with the technology with the aim of understanding how this could be leveraged during a security assessment. Before starting, I first had to configure Windows Server to support Docker containers. This was pretty painless using the following steps

Read More »
exploit kentico

Kentico CMS (< 9.0.42) SQLi

Kentico CMS is a web content management system for building websites, e-commerce stores and numerous other web applications in ASP.NET. During a review of the CMS in a lab environment, I came across a SQL injection vulnerability which was interesting due to the complicated regex check which is used to try and prevent this kind of exploit. Kentico CMS supports the ability for users to query a website via a REST based API. Whilst varying levels of authorisation are used to restrict access, a num

Read More »
forensics

Offensive Forensics - Recovering Files

At the moment, I've been looking at post exploitation methods, whether that is gaining persistence, extracting hashes, or finding additional pivot points. One area that I'm quickly becoming interested in is applying basic forensics techniques to help recover data during an assessment. One framework that can help with this is PowerForensics. This framework comes with a number of interesting options, but the one which is useful for recovering deleted

Read More »
exploit github

Github Desktop - DOM XSS

I’ve always enjoyed “unusual” vulnerabilities, either bugs that you never knew were exploitable, or just funny quirks which lead to a vulnerability. My recent finding within the Github Desktop for OSX ticked a few of those boxes, allowing me to trigger cross-site scripting in a desktop application. The vulnerability is present due to the use of the Chromium Embedded Framework, which is used by the comparison graph you see at the top of the windo

Read More »