Bold Statements
First day at hack.lu. Three of us kicked the conference off with the ARM IoT Firmware Emulation workshop by Saumil. The goal of this workshop was not so much to write exploits or to pwn boxes but to learn how to build a beneficial research environment by emulating the hardware of a Linux based IoT device to run its firmware in order to run analysis and tests.
Continue reading “Hack.lu 2018: ARM IoT Firmware Emulation Workshop by Saumil Udayan Shah”
Continue readingAt this years ARES conference, Jonas Plum (Siemens) and me (Andreas Dewald, ERNW Research GmbH) published a paper about the forensic analysis of APFS, file system internals and presented different methodologies for file recovery. We also publicly released a tool implementing our presented approaches, called afro (APFS file recovery).
Continue readingWe recently identified security issues in the UNIFY OpenScape Desk Phone CP600 HFA software. We disclosed the vulnerabilities to Unify, as a fix is now provided we want to give a brief overview of the vulnerability affecting the web interface.
Continue reading “Multiple Vulnerabilities in UNIFY OpenScape Desk Phone CP600”
Continue reading*This event will be held in German*
Inspiriert durch die erfolgreichen Round-Table-Diskussionen der Troopers-Konferenz freuen wir uns, Ihnen heute mit dem Incident Analysis and Digital Forensics Summit 2018, eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.
Continue reading “Incident Analysis and Digital Forensics Summit 2018, 14th of November of 2018”
Continue readingFor those who never heard of Sitefinity before, it is an ASP.NET-based Web Content Management System (WCMS), which is used to deploy and manage applications as other CMS‘s do. A bitter quick glance at Sitefinity and its advantages can be found in this overview.
Delving into the core of this blog post, recently I had the opportunity to look at Sitefinity WCMS in which I found two reflected Cross Site Scripting (XSS) (CVE-2018-17053 and CVE-2018-17056), a stored XSS (CVE-2018-17054) and an arbitrary file upload (CVE-2018-17055) vulnerabilities.
Continue readingRecently, I had some time to play around with HEVD [1], an extremly vulnerable Windows driver available for 32-bit and 64-bit systems.
Since exploits for all vulnerabilities of the 32-bit variant are publically available, I was wondering why this is not the case for the 64-bit version, especially for the pool corruption and UAF vulnerabilities.
Continue reading “Spraying arbitrary objects into the non-paged pool”
Continue readingI have the pleasure to announce the Active Directory Security Summit 2018 at 13th. of November of 2018. The summit covers current Active Directory security related topics such as challenging tasks of hybrid Active Directory operations as well as new security best practices and some ‘evergreens’ – Admin Tiering implementations (what about Exchange and DNS…??), ESAE operations etc. 😉 Continue reading “Active Directory Security Summit 2018, 13th. of November of 2018”
Continue readingtl;dr: With the tool nmap-parse-output you can convert, manipulate or extract data from a Nmap/masscan scan output. This allows you to get the information you’re looking for by just entering a straightforward command. Continue reading “nmap-parse-output: A tool for analyzing Nmap scans”
Continue readingTaking a look at the CVE List for WordPress, most vulnerabilities aren’t found within the WordPress core but inside of third-party plugins and themes.
Today, let’s talk about WordPress.
Performing a WordPress assessment might seem boring at first as core functionality [tested] and configuration does not allow for extensive security misconfigurations. Luckily, most instances use plugins and themes to add features not offered by the WordPress core.
In this blog post I would like to discuss the findings and how I discovered them. Also, I will describe different vendor responsiveness reaching from not responding at all, to not understanding the issue to fast and professional responses kindly asking for a review of the updated code ready for deployment. Continue reading “A few notes on WordPress Security”
Continue readingThis blogpost is about the release of a plugin for Binary Ninja that allows you to run a Python Kernel inside the Binary Ninja GUI environment to which you can attach a Jupyer (QT) console, formerly known as IPython shell. The first section is about why this is useful, the second is about some issues I encountered and how to solve them, and the third contains everything you need to know to set it up. Continue reading “IPython Support for Binary Ninja”
Continue reading