Exploitation of Vulnerabilities
Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a Point-Of-Sale system is responsible for handling the intricacies of your transaction in the background.
Read more
Fabius Watson
Windows
During an audit of several Windows VPN services, we identified several WCF endpoints that offered direct control of command line parameters used in the creation of an elevated process. This allowed for local privilege escalation to the SYSTEM user.
Enterprise Data Security
Throughout my testing and implementation of JEA in a private network I was able to discover more reasons why JEA is such an underused but powerful tool.
Quasi Brereton
JEA Just-Enough-Administration
Imagine this scenario: You are a systems engineer. You are tasked with managing user and group access controls. Your company’s two person NOC team has admin rights to perform triage work. Eventually, you discover that your company is compromised and has been for an unknown length of time.
Watch the video of VerSprite’s Security Research presentation at Ekoparty 2018 on Abusing Insecure WCF Endpoints.
Backdoor Attack
Larry Cashdollar, a Senior Security Response Engineer at Akamai, publicly disclosed the details of a vulnerability in the jQuery File Upload plugin (CVE-2018-9206).
Versprite
We are an international squad of professionals working as one.
Email
Phone
