Luckily, it was only a test. During penetration testing for two international companies, our team found numerous vulnerabilities. In both cases we had total control over all systems within the clients’ network and could easily shut them down, siphon data from critical customer-facing systems, take over PCI assets, and more. If we were the bad […]
Why Password Managers and MFA are Important in your Security Stack The subject of password strength and complexity requirements has been discussed and debated ad nauseam in the security industry. It is a subject as old as information security itself and will not be going away any time soon. We, as penetration testers, absolutely love passwords because […]
Background: After running into ManageEngine products on a number of penetration tests, we decided to take a closer look at their products and see if there were any vulnerabilities that we could take advantage of. CVE Numbers: CVE-2019-12876 Versions Tested: DesktopCentral – 10.0.380 ADSelfService Plus – 5.7 ADManager Plus – 6.6.5 DLL Hijacking: Multiple ManageEngine […]
Background: While conducting a penetration test of a client’s external network, I discovered a way to enumerate users’ in ManageEngine’s ADSelfService Plus application. This allows an attacker to determine the system Admin username. Product: ManageEngine ADSelfService Plus Software Version: 5.7, build 5704 Issue: The login page is vulnerable to account enumeration. The admin login page […]
Background: While conducting a penetration test of a client’s external network, I discovered three separate instances of information disclosure in VMware’s Horizon Access Web Portal. An unauthenticated user could access information such as internal domain names, the Connection Server’s internal hostname, or the gateway’s internal IP address. Version Tested 4.7.0 CVE Number CVE-2019-5513 Security Advisoriess VMSA-2019-0003 – […]
Introduction Malicious actors have multiple ways to share data they have stolen from websites or services. Some might post to popular forums to gain notoriety while others might post anonymously to paste sites like PasteBin. Combing through all the pastes being posted is beyond the ability of humans, so I’ve created a tool that helps users […]
Background While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application. Version Tested: 2.1.8 CVE Number: CVE-2019-7550 Security Advisories: None Issue When creating a new user within the application, the browser sends a GET request to the server to check if a […]
Background In my previous life, I spent a lot of time analyzing malware and figuring out how it worked in order to defend against it. One trend that has increased across the industry is the use of fileless malware and specifically mshta.exe as a method of infection. Now that I’m on offense, I wanted to […]
From Jonathan Swift’s fake almanac in 1708 to the modern Dihydrogen monoxide joke, hoaxes have been around for as long as humans have enjoyed deceiving each other for fun. The ease of communication via technology has made hoaxes and scams even more prevalent, evolving from word-of-mouth and chain email to Instagram, WhatsApp, and Facebook. Users are constantly falling […]
Just over a month ago, Marriott International, one of the world’s largest hotel chains, announced that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Among the hotels under the Starwood brand are the W Hotels, St. Regis, Sheraton, Westin, and Design […]