In this article, we will show the details of, and a Metasploit module for, a vulnerability that affects Trend Micro’s IMSVA solution.
As I said in my previous article, being a penetration tester makes us feel like a group of travelers. Today, I would like to share the details of yet another 0day vulnerability we found during a penetration test, which later led us to take down the entire domain network.
Being a penetration tester makes us feel like a group of travelers. Discovering the internal world of the institution during an engagement gives us the opportunity to make unexpected journeys. In this article, I will share the details of how we got access to the heart of the company.
As you know, web applications nowadays can be as complex as operating systems. Most of that complexity comes from authorisation schemas. Weaknesses in these schemas are referred to in the literature as Insecure Direct Object Reference.
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.
Identifying the employees of the target organization via social media platforms such as LinkedIn and sending them relevant, attractive e-mails comes first in social engineering attacks. By tracking social media, an adversary may learn which topics most interest the targeted company’s employees. From that point, the adversary may send a phishing e-mail to selected employees in order to steal valid domain credentials.