Security Vulnerabilities

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

Blog Post

Security Vulnerabilities

When performing vulnerability research, it is essential to make sure that all attack vectors concerning exploitation are exhausted. One avenue of exploitation comes from the Windows registry.

Read more

Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

Blog Post

Exploitation of Vulnerabilities

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Read more

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

Blog Post

Transport Layer Security (TLS)

When performing red teaming engagements, you typically have to assess the Wireless infrastructure used by the target in an attempt to find a way to set foot on their network infrastructure, and then search for completing your goals (which usually include obtaining sensitive business data or accessing critical systems).

Read more

Critical Vulnerability in WordPress Core

Blog Post

Security Vulnerabilities

Security researchers at RIPS Technologies GmbH have published research about a critical remote command execution (RCE) in WordPress 5.0. This issue affects all the previous released versions in the past 6 years.

Read more

Securing Microsoft Azure Environment

Blog Post

Windows Vulnerabilities

Given the noticeable upward trend in Azure adoption, let’s explore more about Azure security, compliance, and its other rich capabilities. In this post we’ll just touch on big picture and what is important to securing your Azure environment.

Read more

Critical Google Chrome Security Issue

Blog Post

Security Vulnerabilities

A critical issue has been discovered in Chrome that allows malicious attackers to escape the browser’s sandbox and execute code on the underlying operating system.

Read more

TLS 1.3 and Major TLS Libraries Vulnerable

Blog Post

Attackers may take over accounts and pose as clients or employees to entice those controlling corporate accounts to divulge information or open malicious documents. These types of scenarios should be incorporated into user awareness training. Do not trust anyone online simply based on who they purport to be.

Read more

CarLinkBT Module: Developing an Exploit

Blog Post

Security Vulnerabilities

In part two of this series, we’ll dive deeper into the technical specifications of the CarLinkBT module. We’ll also discuss the dynamic analysis and testing performed to confirm our findings. Finally, we’ll walk through the process of developing an exploit for this vulnerability.

Read more

MiTM Attack Between Target Windows Machines and a DNS Server

Blog Post

Backdoor Attack

When performing this attack, we will find two different scenarios. #1: the attacker machine, the victim, and the DNS server are all in the same network segment. #2: the attacker machine is in the same network segment of the Windows victims and the DNS server is placed in another network segment.

Read more

We are an international squad of professionals working as one.

Email

[email protected]

logos