Windows explorer restrictions bypasses - filesystem access Apr 08, 2024 Explaining and bypassing some Windows explorer restrictions.
CVE-2023-40303: unchecked return values of set*id() family functions in GNU inetutils Aug 14, 2023 GNU inetutils does not check the return values of the set*id() family of functions, which can lead to privilege escalation in binaries such as ftpd or rcpd.
On checking set*id() return values Jul 26, 2023 If the return values of set*id() syscalls are not checked, a failed call goes unnoticed and the process keeps privileges it was supposed to drop, which can lead to security issues such as privilege escalation.
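The two entries above describe the same C anti-pattern. The following is an added example, not code from the blog or from GNU inetutils: it calls libc's setgid()/setuid() through ctypes so that the return value is ours to ignore or to check, exactly as in C (Python's own os.setuid() would raise on failure and hide the point). Run as an unprivileged user, the unchecked variant "drops" to root silently and nothing changes; the checked variant reports the failure.

```python
"""Checked vs. unchecked set*id(): what a discarded return value costs."""
import ctypes
import errno
import os

# Call libc directly so the return value is ours to check or ignore, as in C.
# (Python's own os.setuid()/os.setgid() raise OSError on failure instead.)
libc = ctypes.CDLL(None, use_errno=True)
for _fn in (libc.setgid, libc.setuid):
    _fn.argtypes = [ctypes.c_uint]
    _fn.restype = ctypes.c_int


def current_ids():
    return os.getuid(), os.getgid()


def drop_privs_unchecked(uid, gid):
    """The vulnerable pattern: both return values are thrown away.

    A root daemon doing this before serving a client keeps running as root
    whenever setuid() fails (on Linux, for example, with EAGAIN when the target
    user already sits at its RLIMIT_NPROC limit). Returns the ids in effect
    afterwards so the caller can see that nothing happened.
    """
    libc.setgid(gid)
    libc.setuid(uid)
    return os.geteuid(), os.getegid()


def drop_privs_checked(uid, gid):
    """The corrected pattern: fail closed if any step does not take effect."""
    # Group first: once the uid is unprivileged, setgid() can no longer succeed.
    if libc.setgid(gid) != 0:
        raise OSError(ctypes.get_errno(), "setgid(%d) failed" % gid)
    if libc.setuid(uid) != 0:
        raise OSError(ctypes.get_errno(), "setuid(%d) failed" % uid)
    # Verify the kernel's view rather than trusting the calls, and make sure
    # root cannot be regained (after a real drop, setuid(0) must fail).
    if (os.geteuid(), os.getegid()) != (uid, gid):
        raise OSError(errno.EPERM, "ids not changed as requested")
    if uid != 0 and libc.setuid(0) == 0:
        raise OSError(errno.EPERM, "privileges could be regained")
    return True


def demo(uid, gid):
    """Attempt the same privilege change both ways and report what happened."""
    before = (os.geteuid(), os.getegid())
    unchecked = drop_privs_unchecked(uid, gid)
    try:
        drop_privs_checked(uid, gid)
        checked = "ok"
    except OSError as exc:
        checked = "failed: %s" % (exc.strerror or exc.errno)
    return {"before": before, "unchecked": unchecked, "checked": checked}


if __name__ == "__main__":
    # As an unprivileged user, becoming root "succeeds" silently with the
    # unchecked variant and is reported as a failure by the checked one.
    print(demo(0, 0))
    print(demo(*current_ids()))
```

The ordering (setgid before setuid) and the final "try to regain root" probe are the two checks reviewers most often find missing in daemons that fork per connection: a failed setuid() on one child is enough to serve that client as root.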
CVE-2023-38336: Command injection in netkit-rcp Jul 18, 2023 Netkit-rcp is vulnerable to a command injection in filenames used as copy arguments.
CVE-2023-36631: Circumventing Windows Firewall controls with... Malwarebytes' Windows Firewall Control Jun 21, 2023 Malwarebytes' firewall management software lets unprivileged users perform administrative firewall actions without any access control, allowing local network rules to be bypassed.
OSINT from images' metadata hosted on websites Apr 13, 2023 TL;DR; Images hosted by websites contain numerous metadata fields depending on their filetype (JPG, PNG…). These fields include information of interest for reconnaissance, such as names, telephone numbers, email addresses or URLs. Website editors often do not strip the metadata from the images they host, which makes information leaks possible. Introduction Imagine you are part of a red team and your task is to penetrate a company’s perimeter. First, you want to gather intelligence. ...
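To make the reconnaissance step concrete, here is an added example (not code from the post) that extracts the text-bearing metadata of JPEG files (Exif APP1 ASCII tags and the COM comment segment) and PNG files (tEXt, zTXt and iTXt chunks) with the standard library only, then greps the result for e-mail addresses, URLs and phone numbers. The two sample files are constructed in the code with planted values and are not real images; the Exif parser only follows IFD0 (no Exif sub-IFD or GPS IFD), which is enough for the author, software and copyright fields the TL;DR mentions.

```python
"""Pull text metadata out of JPEG (Exif APP1, COM) and PNG (tEXt/zTXt/iTXt)
files with the standard library only, then grep it for recon indicators."""
import re
import struct
import zlib

# Exif/TIFF IFD0 tags of type ASCII that frequently carry names and contact data.
EXIF_ASCII_TAGS = {0x010E: "ImageDescription", 0x010F: "Make", 0x0110: "Model",
                   0x0131: "Software", 0x0132: "DateTime", 0x013B: "Artist",
                   0x8298: "Copyright"}
INDICATOR_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+|https?://\S+|\+?\d[\d .-]{7,}\d")


def parse_tiff_ascii(tiff):
    """Read the ASCII entries of IFD0 from the TIFF structure of an Exif payload."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        return {}
    (ifd,) = struct.unpack_from(endian + "I", tiff, 4)
    (count,) = struct.unpack_from(endian + "H", tiff, ifd)
    fields = {}
    for i in range(count):
        entry = ifd + 2 + 12 * i
        tag, typ, n, offset = struct.unpack_from(endian + "HHII", tiff, entry)
        if typ != 2 or tag not in EXIF_ASCII_TAGS:
            continue
        # Values of at most 4 bytes live inline in the value field; longer ones
        # are found at `offset`, counted from the start of the TIFF header.
        raw = tiff[entry + 8:entry + 8 + n] if n <= 4 else tiff[offset:offset + n]
        fields[EXIF_ASCII_TAGS[tag]] = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return fields


def extract_jpeg(data):
    fields, pos = {}, 2  # skip SOI
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI / SOS: metadata sits before image data
            break
        (seg_len,) = struct.unpack_from(">H", data, pos + 2)
        payload = data[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and payload.startswith(b"Exif\0\0"):
            fields.update(parse_tiff_ascii(payload[6:]))
        elif marker == 0xFE:  # COM: free-text comment, often left by editing tools
            fields["Comment"] = payload.decode("latin-1")
        pos += 2 + seg_len
    return fields


def extract_png(data):
    fields, pos = {}, 8  # skip signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        chunk = data[pos + 8:pos + 8 + length]
        pos += 12 + length  # length, type, data, CRC
        if ctype == b"IEND":
            break
        if ctype not in (b"tEXt", b"zTXt", b"iTXt"):
            continue
        key, _, rest = chunk.partition(b"\0")
        if ctype == b"tEXt":
            text = rest
        elif ctype == b"zTXt":  # one method byte, then a zlib stream
            text = zlib.decompress(rest[1:])
        else:  # iTXt: flag, method, language tag\0, translated keyword\0, UTF-8 text
            compressed = rest[0] == 1
            _, _, rest = rest[2:].partition(b"\0")
            _, _, text = rest.partition(b"\0")
            text = zlib.decompress(text) if compressed else text
        fields[key.decode("latin-1")] = text.decode("utf-8" if ctype == b"iTXt" else "latin-1")
    return fields


def extract_metadata(data):
    if data[:2] == b"\xff\xd8":
        return extract_jpeg(data)
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return extract_png(data)
    return {}


def find_indicators(fields):
    """E-mail addresses, URLs and phone numbers hiding in any text field."""
    return sorted({m for v in fields.values() for m in INDICATOR_RE.findall(v)})


# --- constructed samples (not real files): a PNG and a JPEG with planted metadata ---
def _png_chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def _exif_app1(software, artist, copyright_):
    """Little-endian TIFF, IFD0 with Software (inline value), Artist and Copyright (offset values)."""
    s, a, c = software + b"\0", artist + b"\0", copyright_ + b"\0"
    ifd, data = 8, 8 + 2 + 12 * 3 + 4
    tiff = b"II*\0" + struct.pack("<IH", ifd, 3)
    tiff += struct.pack("<HHI", 0x0131, 2, len(s)) + s.ljust(4, b"\0")
    tiff += struct.pack("<HHII", 0x013B, 2, len(a), data)
    tiff += struct.pack("<HHII", 0x8298, 2, len(c), data + len(a))
    tiff += struct.pack("<I", 0) + a + c
    payload = b"Exif\0\0" + tiff
    return b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload


SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _png_chunk(b"tEXt", b"Author\0Jane Doe")
              + _png_chunk(b"zTXt", b"Comment\0\0" + zlib.compress(b"contact: jane.doe@example.com"))
              + _png_chunk(b"IEND", b""))
_COM = b"exported from https://intranet.example/dam/"
SAMPLE_JPEG = (b"\xff\xd8" + _exif_app1(b"v1", b"Jane Doe", b"(c) Example Corp, +33 1 23 45 67 89")
               + b"\xff\xfe" + struct.pack(">H", len(_COM) + 2) + _COM + b"\xff\xd9")
```

Feed `extract_metadata()` the bytes of each image you download from the target's website; `find_indicators()` on the result gives the names, numbers and URLs worth pivoting on. For real-world coverage add the Exif sub-IFD (camera serials) and the GPS IFD (coordinates), or simply run `exiftool` once this quick triage shows the site is not stripping metadata.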
DMARC Identifier Alignment: relax, don't do it, when you want to go to it Jan 25, 2023 From subdomain takeover to phishing mails TL;DR; if you have a subdomain takeover for a given domain and default DMARC alignment settings, you can create emails that pass SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain, but a trick is possible to make emails look more trustworthy. This post and more are now part of a book I wrote on email security: Introduction I like Mozilla’s definition of a subdomain takeover: ...
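The alignment check that makes the TL;DR work, as an added example (not code from the post or the book): a small DMARC evaluator that parses a `_dmarc` TXT record with its RFC 7489 defaults (`aspf=r`, `adkim=r`) and decides whether an SPF- or DKIM-authenticated identifier aligns with the RFC5322.From domain. The scenario is hypothetical: `old.example.com` stands for the taken-over subdomain, for which the attacker publishes their own SPF record, while header From claims `example.com`. The organizational-domain function is a deliberate simplification (last two labels); real receivers use the Public Suffix List.

```python
"""DMARC identifier alignment: how relaxed alignment lets a taken-over subdomain pass."""


def parse_dmarc(record):
    """Parse a _dmarc TXT record into tags, filling in the RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "p": None}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    # Simplification for this example: last two labels. Real implementations
    # consult the Public Suffix List so that e.g. example.co.uk works.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r', the default): same organizational domain."""
    if mode == "s":
        return from_domain.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(from_domain, spf, dkim, record):
    """spf = (result, MAIL FROM domain); dkim = (result, d= domain) or None.

    DMARC passes when at least one *authenticated* identifier aligns with the
    RFC5322.From domain; SPF alone is sufficient.
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = (dkim is not None and dkim[0] == "pass"
               and aligned(from_domain, dkim[1], tags["adkim"]))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail", "policy": tags["p"]}


# Hypothetical records for example.com: the first relies on the defaults, the
# second pins both alignment modes to strict.
RELAXED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
STRICT = "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:dmarc@example.com"


def takeover_scenario(record):
    """Attacker controls old.example.com (hypothetical taken-over subdomain):
    MAIL FROM <x@old.example.com> passes SPF against the attacker's own record,
    header From: is ceo@example.com, and no DKIM signature exists for example.com."""
    return dmarc_evaluate("example.com", ("pass", "old.example.com"), None, record)


if __name__ == "__main__":
    print("relaxed:", takeover_scenario(RELAXED))  # passes on SPF alignment alone
    print("strict: ", takeover_scenario(STRICT))   # fails: subdomain != From domain
```

With the defaults, the forged mail passes DMARC on SPF alone and is delivered under a `p=reject` policy; `aspf=s` closes this particular path, at the cost of breaking legitimate senders that use subdomains in MAIL FROM (bounce handling services in particular), which is why the post's title hedges.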
Microsoft Azure security technologies certification and beyond (book review) Jan 11, 2023 Book by David Okeyode
Nmap - detecting the network mapper Jan 03, 2023 Detecting network scans When we speak about detection, you often hear “let’s detect attackers' scans”. I believe that sentence is thrown around with the aim of detecting intruders in the early stages of an attack. However, there are a few issues with this mindset: blindly detecting every type of scan made against a security perimeter will drive the SOC crazy with the volume of false positives and legitimate alerts generated. Nor will it improve your level of detection, because you will not be able to handle all the alerts and may miss the ones revealing the presence of intruders. ...
Divin'n'phishin with executable filetypes on Windows Oct 26, 2022 In order to find phishing payloads, one needs to understand how executable filetypes are handled on Windows, and which ones can be delivered to mail clients, and thus to users, without being caught by the mail defences in between and without the user having to go through multiple validation steps to execute them once clicked. Other filetypes are also relevant for phishing even if they are not executable per se; they are also mentioned in this article. ...
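The alert-volume problem above is easy to see with a toy detector. This is an added example, not code from the post: a sliding-window port-scan rule run over constructed firewall deny lines (the `DENY src= dst= dport=` format is invented for the example). Applied to the whole perimeter it fires on the Internet host probing the DMZ, which is background noise, and on the internal host sweeping an internal subnet; adding a scope of networks the rule should care about, here the example's private range, keeps only the second. Treat the scoping as one illustration of narrowing the rule, not as the post's recommendation.

```python
"""Port-scan detection over firewall deny logs: a perimeter-wide rule versus a scoped one."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example (not a real firewall's syntax).
LOG_RE = re.compile(r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse(lines):
    """Turn log lines into (timestamp, src, dst, dport) tuples; skip unparseable lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            events.append((ts, m["src"], m["dst"], int(m["dport"])))
    return events


def detect_scans(events, window=timedelta(seconds=60), min_targets=10, scope=None):
    """Flag sources hitting >= min_targets distinct (dst, dport) pairs within `window`.

    scope: optional list of CIDR strings; when given, only sources inside one
    of those networks are evaluated (everything else is accepted as noise).
    Returns {src: largest number of distinct targets seen in one window}.
    """
    nets = [ipaddress.ip_network(n) for n in (scope or [])]
    per_src = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        if nets and not any(ipaddress.ip_address(src) in n for n in nets):
            continue
        per_src[src].append((ts, dst, dport))
    alerts = {}
    for src, hits in per_src.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            targets = {(d, p) for _, d, p in hits[start:end + 1]}
            if len(targets) >= min_targets:
                alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts


# --- constructed sample log: one Internet scanner, one internal scanner, one benign host ---
def _lines(src, dst, ports, start):
    return ["%s DENY src=%s dst=%s dport=%d" % ((start + timedelta(seconds=i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
                                                src, dst, p) for i, p in enumerate(ports)]


T0 = datetime(2023, 1, 3, 10, 0, 0)
SAMPLE_LOG = (_lines("203.0.113.7", "198.51.100.10", range(1, 21), T0)   # Internet -> DMZ host
              + _lines("10.0.0.5", "10.0.1.10", range(1, 16), T0)        # internal -> internal
              + _lines("10.0.0.9", "10.0.1.20", [80, 443, 8080], T0))    # three blocked ports, benign

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("perimeter-wide:", detect_scans(events))
    print("internal only: ", detect_scans(events, scope=["10.0.0.0/8"]))
```

The perimeter-wide run produces an alert per scanning Internet host, which on a real edge means a constant stream; the scoped run surfaces the one event that actually indicates a foothold. The same structure works for a horizontal sweep (many hosts, one port) since targets are counted as (dst, dport) pairs.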