Affected Software: Several components of the CUPS printing system, specifically cups-browsed, libppd, libcupsfilters, and cups-filters, in versions up to 2.0.1. Discovered By: Simone Margaritelli (@evilsocket) Impact: Allows remote code execution…
Penetration Testing Lab Whether you have a fully virtual organisation consisting of several different machines or the odd virtualised box you’re using to explore or freshen up on certain skills.…
Wardriving was once a really popular sport, I myself loved mapping new areas with my trusty Orinco Gold Card. I’m not sure how popular it is these days but I…
I was performing some penetration tests in 2011 – 2012 against various PHP applications integrated with MySQL databases which were vulnerable to Time Based Blind SQL Injection. Due to various…
Building on from my previous post, this will primarily focus on delivering an Empire payload via an embedded offensive PowerShell script stored within the ‘comments’ property of an MS Excel…
As a penetration tester I’m always excited to see new and creative methods on creating weaponized MS Office documents. This blog post builds on the following findings published by Black…
What’s YANP I hear you ask? YANP stands for “Yet Another Nessus Parser” written by Alessandro Di Pinto and I’m over the moon that I found it. I’ll tell you…
Intro I have had a few people over the last couple of months asking me how to get Bloodhound up and running after I had sung its praise since seeing…
This walk through assumes you know a thing or two and won’t go into major detail. After all it’s meant for fellow researchers and penetration testers. Findings so far… Findings…
Even though this vulnerability was detected back in 2015 I am only starting to notice it popping up on engagements more frequently. CVE-2015-8103 – Jenkins CLI – RMI Java Deserialization…