Research Pi.Alert - Unauthenticated SQL Injection An unauthenticated attacker can exploit a SQL injection flaw in Pi.Alert to steal everything in its database.
Resource Guide to Penetration Testing Services in Australia A practical guide to procuring penetration testing services in Australia, from scope and compliance to selecting the right provider.
Research LibreNMS Authenticated RCE (< 26.5.0) When there's one, there's normally more. This is a part 2 to our previous post on LibreNMS.
Tutorial Remove SPNs and Fix Kerberoasting Remediate Kerberoasting vulnerabilities by removing SPNs for accounts that don't need them.
Research Gibbon v30.0.00: Authenticated SQL Injection and RCE We go back to school to hunt down some SQL Injection, Local File Inclusion, and DoS in the Gibbon school management software.
Tutorial Fixing ESC4 - User has dangerous permissions Prevent ESC4 ADCS attacks by restricting permissions assigned to users and groups.
Research LibreNMS < 26.3.0 Authenticated RCE & XSS By searching for unsafe patterns and function calls, we discovered authenticated XSS and RCE vulnerabilities in LibreNMS.
Tutorial Fixing ESC8 - Web Enrollment is enabled over HTTP and HTTPS, and Channel Binding is disabled Stop ESC8 relay attacks by enforcing Extended Protection for Authentication (EPA) and TLS encryption.
Resource Australia Wide Internal & Wireless Network Penetration Testing We are wherever you are. Project Black maintains capabilities to perform internal and wireless network testing anywhere in Australia.
Tutorial Preventing Downloads from Unmanaged Devices in O365 Defender for Cloud has publicly documented bypasses despite the countless articles suggesting it can be used to block downloads!
News Project Black is now a CVE Numbering Authority (CNA) Project Black is now a CVE CNA! We’re proud to help secure the ecosystem by publishing CVE Records.
Tutorial Fixing ESC1 - Enrollee supplies subject and template allows client authentication ADCS misconfigurations are one of the most common privilege escalation vectors we encounter. This article covers steps to remediate ESC1 flaws.
Tutorial Importing Pre-made Kali VMware VM into ESXi The Kali prebuilt VMware VM is built for VMware Workstation but can still be imported directly into vSphere/ESXi environments with a few extra steps.
Blog Post Dumpster Diving for Data Your trash could be a data breach. I found thousands of medical records on a discarded computer: Medicare numbers, DOBs, and treatment plans.
Tutorial Set ms-DS-MachineAccountQuota to 0 By default, low privileged users can create up to 10 computer accounts in an Active Directory domain. Unless you regularly have end users joining computers to the domain, it should be set to 0.
Research Orthanc 1.12.9 User Impersonation A simple code review can lead to some quick wins if you know where to look. A couple hours of staring at C++ code led us to a user impersonation vulnerability in Orthanc 1.12.9.
Tutorial Remote Control Android from PC Using scrcpy If you need to remotely access an Android phone, this article walks through using scrcpy to remotely manage Android devices natively.
Resource ST4S Assessment So you’ve just been told you need to meet ST4S requirements? Broken down into parts, the ST4S framework is relatively straightforward.
Tutorial Firebase Security Fundamentals Every application built on Firebase that we've looked at has had the same vulnerabilities. These common vulnerabilities aren’t hard to prevent but they're easy to overlook.
Research Featured Traccar Unauthenticated LFI v5.8-v6.8.1 Sometimes you search endlessly and find nothing. Other times, the gold just drops into your lap. This is a story about how we accidentally found a pretty impactful vulnerability.
Tutorial Bypassing Windows Login Without Password Forgot your Windows password? Or maybe you're in physical possession of a device that you don't have the password for? Here's a trick to bypass that login screen.
Writeup HTB CBBH Review - A Penetration Tester's Perspective If web application security interests you, HTB’s CBBH offers structured practice that translates well to both bounty hunting and professional penetration testing.
Tutorial Featured Salesforce Penetration Testing Fundamentals This blog walks you through using our script to audit a Salesforce environment, uncovering excessive permissions and platform-specific risks like SOQL injection.
Tutorial We can't set up the conversation because your organisations are not set up to talk to each other Not our usual content, but this pops up often enough that we thought a quick write-up would be helpful for us to share with our customers and for anyone else.
Tutorial Free Web Filtering Free, simple, and effective. DNS-based web filtering is a security control every organisation should consider. It adds a layer of protection with minimal effort and no additional cost.