Bold Statements
Recently, I had some time to play around with HEVD [1], an extremly vulnerable Windows driver available for 32-bit and 64-bit systems.
Since exploits for all vulnerabilities of the 32-bit variant are publically available, I was wondering why this is not the case for the 64-bit version, especially for the pool corruption and UAF vulnerabilities.
Continue reading “Spraying arbitrary objects into the non-paged pool”
Continue readingI have the pleasure to announce the Active Directory Security Summit 2018 at 13th. of November of 2018. The summit covers current Active Directory security related topics such as challenging tasks of hybrid Active Directory operations as well as new security best practices and some ‘evergreens’ – Admin Tiering implementations (what about Exchange and DNS…??), ESAE operations etc. 😉 Continue reading “Active Directory Security Summit 2018, 13th. of November of 2018”
Continue readingtl;dr: With the tool nmap-parse-output you can convert, manipulate or extract data from a Nmap/masscan scan output. This allows you to get the information you’re looking for by just entering a straightforward command. Continue reading “nmap-parse-output: A tool for analyzing Nmap scans”
Continue readingTaking a look at the CVE List for WordPress, most vulnerabilities aren’t found within the WordPress core but inside of third-party plugins and themes.
Today, let’s talk about WordPress.
Performing a WordPress assessment might seem boring at first as core functionality [tested] and configuration does not allow for extensive security misconfigurations. Luckily, most instances use plugins and themes to add features not offered by the WordPress core.
In this blog post I would like to discuss the findings and how I discovered them. Also, I will describe different vendor responsiveness reaching from not responding at all, to not understanding the issue to fast and professional responses kindly asking for a review of the updated code ready for deployment. Continue reading “A few notes on WordPress Security”
Continue readingThis blogpost is about the release of a plugin for Binary Ninja that allows you to run a Python Kernel inside the Binary Ninja GUI environment to which you can attach a Jupyer (QT) console, formerly known as IPython shell. The first section is about why this is useful, the second is about some issues I encountered and how to solve them, and the third contains everything you need to know to set it up. Continue reading “IPython Support for Binary Ninja”
Continue readingA new major version of our fuzzing framework dizzy has been released.
This blog post will cover the biggest changes and new features, as well as give you a short introduction into how to use them.
You can find the new version on github.
Continue reading “dizzy version 2.0 released”
Continue readingGender equality in the Infosec world as a topic of discussion comes with a lot of heated arguments and differences in opinion.
So let me start with some disclaimers on the target audience for this post. If you are in the category who believes everything about gender is perfect in the infosec world, this post is not for you. If you are in the category who believes gender and bringing diversity is not your area of interest, then this post is not for you either. There are so many interesting problems that the world offers you. Climate change, poverty, diseases, unemployment, addiction, science problems and what not. Everybody has the freedom to choose their area of interest and contribute towards it. If you are in the category who thinks gender equality in infosec needs some attention and would like to explore more on the topic without prejudices, then this post may be interesting to you. Continue reading “Diversity, Community, Blackhoodie”
Some weeks ago, I tweeted about grabbing clipboard content from KeePass with some PowerShell. From some reactions to this tweet, and after reading it a couple of times again, I realize it was sending the wrong message, and I would like to take a bit more than 280 chars to clarify what I meant when I posted that tweet…
TLDR: Password managers are a must, not using one exposes you to far more risks than using one. Do it. Continue reading “A little KeePass Mea Culpa…”
Continue readingWhen I recently joined the Windows Security team at ERNW, Enno asked me if I wanted to write a ‘welcome’ blogpost on a topic of my choosing… Up for the challenge, and since I had been playing with BloodHound & Cypher for the last couple of months, I first thought I would do something on that topic.
However, after gathering my thoughts and some Cypher I had collected here and there, I realized that the topic of Bloodhound Cypher might actually require several blog posts… And so I changed my mind. I will keep the joys of Cypher for later, and in this post, I will talk about a tiny tool I wrote to query the Mitre ATT&CK™ knowledge base from the comfort of a PowerShell prompt. Continue reading “PoSh_ATTCK – ATT&CK Knowledge at your PowerShell Fingertips…”
Continue readingIn Mai 2018, Tobias and me were in Cologne at the Building IoT conference. The topics of the talks covered a broad spectrum of the Internet of Things field. There were three tracks covering different topics ranging from the jungle of IoT protocols, secure Linux hypervisors specially developed for IoT modules to machine learning and blockchain.
Continue reading “The building IoT 2018 in Cologne”
Continue reading