Our Blog

Bypassing access control in BMC Control-D Report Viewer

Reading time: ~5 min
BMC makes a number of mainframe-focused applications, one of which is Control-D. Control-D is a “Report Distribution system for distributed...

Obtaining shells via Logitech Unifying Dongles

Reading time: ~11 min
In this post, I will recap some of the security research conducted on wireless keyboards and mice, and eventually show...

Hacking doom for fun, health and ammo

Reading time: ~20 min
Remember iddqd and idkfa? Those two strings were etched into my brain at a very young age where fond...

The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938

Reading time: ~11 min
Intro This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found...

mettle your ios with frida

Reading time: ~9 min
For a long time I have wondered about getting Meterpreter running on an iOS device using Frida. It wasn’t until...

PEAP Relay Attacks with wpa_sycophant

Reading time: ~8 min
Back in 2018, I was interested that MSCHAPv2 and NTLMv1 hashes crack using the same algorithms, and wanting to get...

Analysis of a 1day (CVE-2019-0547) and discovery of a forgotten condition in the patch (CVE-2019-0726) – Part 1 of 2

Reading time: ~16 min
This post will cover my journey into the analysis of CVE-2019-0547 (affecting the Windows DHCP client), a vulnerability discovered by...

recreating known universal windows password backdoors with Frida

Reading time: ~21 min
tl;dr I have been actively using Frida for little over a year now, but primarily on mobile devices while building...

Understanding PEAP In-Depth

Reading time: ~21 min
tl;dr We reported a long standing PEAP bug in all Apple devices that would allow an attacker to force any...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...