Research HestiaCP Admin Takeover & RCE A low privileged user in HestiaCP can exploit a Broken Authorisation flaw to takeover Admin accounts.
Resource CREST ANZ vs CREST International If you're evaluating cyber security providers in Australia, you've probably come across the CREST logo more than once.
Research Featured Local AI for Penetration Testing & Research How competent are local AI models for cyber security bug hunting and research?
Tutorial A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. For assistance, contact your system administrator or technical support. If you've just added your user to the protected users group and can no longer RDP. Here's how to resolve that.
Research Liquidfiles Privilege Escalation An admin in a secondary domain can escalate themselves to sysadmin in Liquidfiles.
Research Pi.Alert - Unauthenticated SQL Injection An unauthenticated attacker can exploit a SQL injection flaw in Pi.Alert to steal everything in its database.
Resource Guide to Penetration Testing Services in Australia A practical guide to procuring penetration testing services in Australia, from scope and compliance to selecting the right provider.
Research LibreNMS Authenticated RCE (< 26.5.0) When there's one, there's normally more. This is a part 2 to our previous post on LibreNMS.
Tutorial Remove SPNs and Fix Kerberoasting Remediate Kerberoasting vulnerabilities by removing SPNs for accounts that don't need them.
Research Gibbon v30.0.00: Authenticated SQL Injection and RCE We go back to school to hunt down some SQL Injection, Local File Inclusion, and DoS in the Gibbon school management software.
Tutorial Fixing ESC4 - User has dangerous permissions Prevent ESC4 ADCS attacks by restricting permissions assigned to users and groups.
Research LibreNMS < 26.3.0 Authenticated RCE & XSS By searching for unsafe patterns and function calls, we discovered authenticated XSS and RCE vulnerabilities in LibreNMS.
Tutorial Fixing ESC8 - Web Enrollment is enabled over HTTP and HTTPS, and Channel Binding is disabled Stop ESC8 relay attacks by enforcing Extended Protection for Authentication (EPA) and TLS encryption.
Resource Australia Wide Internal & Wireless Network Penetration Testing We are wherever you are. Project Black maintains capabilities to perform internal and wireless network testing anywhere in Australia.
Tutorial Preventing Downloads from Unmanaged Devices in O365 Defender for Cloud has publicly documented bypasses despite the countless articles suggesting it can be used to block downloads!
News Project Black is now a CVE Numbering Authority (CNA) Project Black is now a CVE CNA! We’re proud to help secure the ecosystem by publishing CVE Records.
Tutorial Fixing ESC1 - Enrollee supplies subject and template allows client authentication ADCS misconfigurations are one of the most common privilege escalation vectors we encounter. This article covers steps to remediate ESC1 flaws.
Tutorial Importing Pre-made Kali VMware VM into ESXi The Kali prebuilt VMware VM is built for VMware Workstation but can still be imported directly into vSphere/ESXi environments with a few extra steps.
Blog Post Dumpster Diving for Data Your trash could be a data breach. I found thousands of medical records on a discarded computer Medicare numbers, DOBs, and treatment plans.
Tutorial Set ms-DS-MachineAccountQuota to 0 By default, low privileged users can create up to 10 computer accounts in an Active Directory domain. Unless you regularly have end users joining computers to the domain, it should be set to 0.
Research Orthanc 1.12.9 User Impersonation A simple code review can lead to some quick wins if you know where to look. A couple hours of staring at C++ code led us to a user impersonation vulnerability in Orthanc 1.12.9.
Tutorial Remote Control Android from PC Using scrcpy If you need to remotely access an Android phone this article walks through using scrcpy to remotely manage Android devices natively.
Resource ST4S Assessment So you’ve just been told you need to meet ST4S requirements? Broken down into parts the ST4S framework is relatively straightforward.
Tutorial Firebase Security Fundamentals Every application built on Firebase that we've looked at has had the same vulnerabilities. These common vulnerabilities aren’t hard to prevent but they're easy to overlook.
Research Featured Traccar Unauthenticated LFI v5.8-v6.8.1 Sometimes you search endlessly and find nothing. Other times, the gold just drops into your lap. This is a story about how we accidentally found a pretty impactful vulnerability.