It has been a while since I haven’t published a post on our beloved blog. Today I would like to share technical details and POC for a pretty funny vulnerability that I’ve found at GravCMS.
As I’ve been saying since 2015, my pentest team and I love to chase after 0days during penetration test engagements. This time we come across a GravCMS during the external OSINT process.
Read More
I believe that doing a security research is all about trying to understand high-level of architecture of the products and finding a creative attack vectors.
I hope this blog post will show some the readers how to start doing security research.
Read More
In this article, I will be sharing several critical vulnerabilities of Seagate Central Storage NAS product.
Read More
I’ve been doing security researches on softwares for a quite long time. During these researchs, I often find myself in a situation where in I think about the state of mind of developers, problems that occur during developments and core problems of nature of software crafting teams. Thinking about these questions always lead me to realize possible software bugs.
People developers are tend to make mistakes by the nature of human being. Mistakes made by developers usually end up with software bugs. If there is a software bug, security researchers always try to take an advantage of this bugs and convert it to a software vulnerability. For that reason, I always start my research by defining a places in softwares where things left to the developer’s initiative. One of good the example for that ‘places’, which also main focus of this post, can be a session validations.
Throughout the Art of Anti Detection series we have mainly looked at methods for bypassing automated security products, but in this part we will focus on several self-defense methods for protecting our foothold on the target machines against actual users. These users may be technically insufficient employees or they may be blue team members in a cyber incident division of a company. Our goal is to stay alive and hide our presence inside the target system without having any privileges. But before getting deeper i advise you to read the previous articles of this series, because these methods will include a lot of shellcoding and API hooking thus requires prior knowledge. Now lets get to it !
Read More