Escaping the Sandbox – Microsoft Office on MacOS

You’ve completed your recon, and found that your target is using MacOS… what next? With the increased popularity of MacOS in the enterprise, we are often finding that having phishing payloads targeting only Microsoft Windows endpoints is not enough during a typical engagement. With this in mind, I wanted to find an effective method of landing a stager on a MacOS system during a phishing campaign. In this walkthrough, I will show one possible way we can go about gaining a foothold by leveraging...

Exploiting CVE-2018-1038 - Total Meltdown

This week I had some free time to look into CVE-2018-1038 aka Total Meltdown. The aim was to create a quick exploit which could be used to elevate privileges during an assessment. I ended up delving into Windows memory management more than I had before...

Moving jobs and exploiting flash (CVE-2018-4878)

Recently I joined the MDSec team after seeing many of the cool things that they had contributed to the community, and to hopefully pick up some of their awesome skills. Shortly after joining I was pointed to a small research project, CVE-2018-4878, a Flash vulnerability classified as a "Use-After-Free". This vulnerability was being exploited in the wild; however, due to the way in which the malware was encrypted, it was not possible to recover a live sample of the exploit. Basing research on so...