Several months ago, whilst on a client engagement, I identified a number of zerodays in an enterprise asset management application called EasyInstall. This gave me, among other things, elevation of privilege on managed assets, a wealth of information for recon, and – most interestingly – unauthenticated remote secure wipe of any asset. The blog on …
As an adversary it is useful to establish a base of operations from within the target network that is not controlled by the target organisation. This avoids the need to circumvent various EDR/AV solutions that could not only block our actions, but worse, expose us to the target. Homeworking solutions can offer malicious insiders a …
For the first blog on this new site I wanted to talk about a simple technique to get LetsEncrypt certificates for internal devices (those not exposed to incoming Internet connections). Some may ask why do this – isn’t it exposing information about your internal network to the outside world. Well, yes. However, I want to …