Evading command-line detection with doskey
Oct 22, 2022
The doskey command can be used to evade some command-line detection rules by hiding the executable name behind an alias.
Zero-point Security's Red Team Ops II (CRTL) review
Oct 19, 2022
Context
The recent release of the Red Team Ops II course by Zero-point Security caught my attention on Twitter in August. Since the Red Team Ops I course was, in my opinion, very good content, I decided to buy the RTO II bundle and give it a go.
Course
The course description and syllabus can be found on Zero-point Security's website. Zero-point Security makes it clear this is a deeper dive into red teaming, and I can only agree.
...
ELearnSecurity Certified Threat Hunting Professional (eCTHPv2) review
Jul 10, 2022
Context
Since I took the eLearnSecurity Certified Incident Responder (eCIR) a good while ago and, according to eLearn, the Certified Threat Hunting Professional (eCTHPv2) is the next stepping stone, I decided to give it a go. The fact that the person who made the course's material is one of my former colleagues, Slavi Parpulev, and that we joked internally about me getting certified by him gave me one more good reason to study for it.
...
Multiple vulnerabilities in cifs-utils
May 12, 2022
I recently found two bugs in cifs-utils, the userland tools for the SMB implementation in Linux, which led to the release of version 6.15. The full article can be read at https://improsec.com/tech-blog/multiple-vulnerabilities-in-cifs-utils.
Useful links:
Responsible disclosure
CVEs assigned: CVE-2022-27239, CVE-2022-29869
cifs-utils version 6.15 advisory
Zero-point Security's Red Team Ops (CRTO) review
May 01, 2022
Context
I recently took Zero-point Security's Red Team Ops course and the associated exam (CRTO). It is also known as Daniel Duggan's (a.k.a. Rastamouse) course, even if Zero-point Security has since released other courses on offensive programming. It is so far the best learning experience I have had with an online certification, and I wanted to share a bit of what to expect from the course as well as what you can gain from it.
...
Multiple vulnerabilities in Synametrics' Synaman
Apr 05, 2022
While doing a CTF box, I escalated privileges using an unintended path that led to the discoveries below.
Synametrics' definition of Synaman:
"SynaMan - A Remote File Manager - Share large files with colleagues without compromising on security."
CVEs registered
CVE-2022-26250: LPE via weak service permissions
CVE-2022-26251: RCE and privilege escalation using the default web UI administrative features
Affected versions and platforms
Synaman 5.
...
ElearnSecurity Web application Penetration Tester eXtreme (eWPTXv2) review
Feb 26, 2022
Context
After a few months away from eLearnSecurity certifications, mostly due to OSCP preparation, I decided to take the second web course and certification they offer: Web Application Penetration Tester eXtreme (eWPTXv2). It was the logical sequel to the eLearnSecurity Web Application Penetration Tester certification (eWPT) I took a while ago, and the course outline seemed promising.
I passed the certification recently and wanted to give some insight into both the course and the exam.
...
Multiple vulnerabilities in SonicWall SMA 100
Jan 05, 2022
I recently found two vulnerabilities in SonicWall's Secure Mobile Access (SMA) web interface. You can read the full disclosure here.
Useful links:
Responsible disclosure
CVEs assigned: CVE-2021-20049, CVE-2021-20050
SonicWall's advisories: SNWLID-2021-0030, SNWLID-2021-0031
PHP's open_basedir is not a security feature
Dec 19, 2021
What is PHP's open_basedir?
open_basedir is a directive of the php.ini file that takes paths as values. Quoting PHP's manual:
open_basedir string
Limit the files that can be accessed by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to access the filesystem, for example using include or fopen(), the location of the file is checked against these paths.
...