Advisory

ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4

Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.

Tutorial

Disable TLS 1.0 and 1.1 via GPO

Disabling TLS 1.0 and 1.1 via GPO strengthens security by removing outdated protocols. While practical exploitation is difficult, turning them off is often easier than justifying scan findings to auditors. Here’s how.

Blog Post

Security Risks of Setting Access Control Allow Origin: *

Wildcard CORS: convenient or careless? What are the ACTUAL scenarios that could lead to a loose CORS policy being exploited?

Advisory Featured

LiquidFiles Vulnerabilities: From Discovery to Disclosure

Join us in my quest to find some vulnerabilities in the Liquidfiles application! A full walkthrough awaits detailing the methodology and the findings that made all the effort worthwhile.

News

CREST Certified Penetration Testing - Project Black

We are thrilled to announce that Project Black has been accredited as a CREST member company in the Australasia region! CREST accreditation is a significant milestone in our journey, but it’s just the beginning.

Resource

Time Boxed Penetration Testing for Web Applications

This article defines time boxed penetration testing and explains how it’s approached from a methodological standpoint. By focusing on high-risk areas, client-specific priorities, and sampling, time boxed testing can deliver efficient assessments within a limited timeframe.

Tutorial

Intune - Setting Registry Keys with Startup Scripts

Want to use Intune to set registry keys and apply some hardening? Try startup scripts for the simplest setup.

Tutorial

Disable WPAD via GPO (Verified)

It turns out that most online documentation (including Microsoft's) about how to disable WPAD are actually incorrect. After discovering this and contacting MSRC, Microsoft updated their documentation to add a pretty important note.

Resource

Free Penetration Testing for Eligible Organisations

Project Black is proud and excited to announce the launch of a pro bono penetration testing program for eligible organisations.

Blog Post Featured

CVE Hunting Made Easy

In just three Sunday afternoons, I discovered 14 CVEs - and you can too! CVE hunting is more accessible than many realise, and the methodology outlined here requires only a bit of coding knowledge.

Blog Post Featured

Hacking the Nokia Fastmile

Sometimes the best candidate for security research is the one right in front of you. This post summarises research conducted on Nokia Fastmile devices between 2021 and 2023.

Tutorial

Enable SMB Signing via GPO

"SMB Signing not required" may appear as just a Medium severity finding in most vulnerability scans, but under the right circumstances, it can be quite impactful. Here's a guide on how to enable and require signing.

Tutorial

Disable LLMNR via GPO (Together with NBT-NS and MDNS)

You're probably reading this because some pentesters got Domain Admin using LLMNR as a part of their attack chain in your internal network. Here's a quick tutorial for how to disable it via GPO.

Writeup

Hack the Box - Codify Walkthrough

In this walkthrough, we tackle "Codify" a fun box on Hack The Box (HTB) that really tests your privilege escalation skills! HTB is an online platform providing challenges for security enthusiasts to hone their hacking skills in a safe environment.

Tutorial

Cloudflare Tunnel & Ngrok Alternative: Entra Application Proxy Guide

It's 10pm, you're about to fall asleep, you get a notification on Twitter that informs you of a new CVSS 10 vulnerability that affects your company's PaloFortiJuniIvanti VPN appliance. Maybe it's time to look closer at some ZTNA solutions...

Blog Post

Is Assessing Your SaaS Providers Worth It? Uncovering an OS Command Injection in a Popular SaaS Platform

During a routine penetration test last year, we uncovered an OS command injection vulnerability on the login page of a SaaS platform widely used in the Australian education sector. This discovery prompts the question posed in our blog title.

Blog Post

How to Become a Penetration Tester

After our recent hiring drive, we got a lot of questions from people wanting to know how they can improve their chances of breaking into cyber as a penetration tester. To help out, we've put together this blog post to explain what we're looking for in our candidates.

Tutorial

Whitelisting an IP Address for Penetration Testing in Cloudflare

Getting ready to run a web application penetration test? Don't forget to whitelist your tester's IP address in your WAF. It might seem counterintuitive, but it helps make sure your consultant's time is used efficiently, giving you the best results.

Tutorial

SSH Without Port Forwarding

Exposed ports can attract unwanted scans, and incorrect router setups risk your network's security. If you want to SSH to your server without exposing any ports here's an alternative that uses Cloudflare Tunnel.

Blog Post

Black Hat SEO - Fair Game or Foul Play?

In the cybersecurity industry, there's a constant stream of conversation about ethics. So, imagine my surprise when I discovered that certain Australian cyber consultancies seem to be involved in Black Hat SEO tactics, breaching Google's webmaster guidelines.

Tutorial

Automated Graylog Open Setup using Puppet

The term SIEM often conjures images of complex configurations and $100k bills leading to inaction. It doesn't have to be that way. In cybersecurity (and often in life), starting somewhere and taking even a small step in the right direction is preferable to standing still.

Blog Post

Password Strength Checkers - Mostly Useless...

Think your password is strong? Ever trusted a password strength tool online (or maybe you don't trust anything)? You might be surprised to see how far off the mark some of the most popular password strength tools are.

Advisory Featured

A Watchguard Vulnerability That's a "Feature"- GuardLapse

Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances. Does a bad feature warrant filing a CVE? I'm not sure.

Blog Post

Why You Need a Vulnerability Disclosure Program (VDP)

You're out for a stroll and spot a house with its front door wide open. Out of concern, you try to inform the owner about the door. Unexpectedly, the owner snaps back, insisting the door is shut. This is a story about the worst vulnerability disclosure process I've ever experienced.

News

Announcing Partnerships with Graylog and Tenable

I'm thrilled to share that in our continued efforts to enhance our services, we are entering into strategic partnerships with Graylog, a leader in log management and security information solutions, and Tenable, renowned for their advanced vulnerability management.