Exploitation of Vulnerabilities
In this blog, we’ll be discussing the discovery, analysis, and exploitation of CVE-2019-8917 which is a remotely exploitable WCF vulnerability that we discovered in SolarWinds Orion NPM 12.3.
Read more
Fabius Watson
Exploit Development
A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.
Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a Point-Of-Sale system is responsible for handling the intricacies of your transaction in the background.
Windows Vulnerabilities
During an audit of several Windows VPN services, we identified several WCF endpoints that offered direct control of command line parameters used in the creation of an elevated process. This allowed for local privilege escalation to the SYSTEM user.
Watch the video of VerSprite’s Security Research presentation at Ekoparty 2018 on Abusing Insecure WCF Endpoints. A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Most of these services are started automatically as LocalSystem, which is the highest user privilege level available.
JEA Just-Enough-Administration
Throughout my testing and implementation of JEA in a private network I was able to discover more reasons why JEA is such an underused but powerful tool.
Quasi Brereton
We are an international squad of professionals working as one.
Email
Phone
