Rooting out Risky SCCM Configs with Misconfiguration Manager

tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager. Ever since Garrett Foster, Duane Michael, and I released Misconfiguration Manager at SO-CON last month, we’ve had tons ...
Ghostwriter v4.1: The Custom Fields Update

Let’s dive into what makes this so exciting! There’s so much to cover that we won’t be offended if you want to look at the CHANGELOG for a quick synopsis. Introducing Customizable Fields. Over ...
Spinning Webs — Unveiling Arachne for Web Shell C2

Tags: mythic, Red Team, research, security
What is a web shell? A web shell is a payload that allows continued access to a remote system, just like other “shells” we refer to in computer security ...
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability

Tags: Blog, Red Team
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability (originally published on Horizon3.ai) ...
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

Tags: Blog, Red Team
On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an […] (originally published on Horizon3.ai) ...
Beyond Breach: The Aftermath of a Cyberattack

Cyberattacks are no longer an occasional headline; they’ve become a grim reality. In 2023 alone, a staggering 236.1 million ransomware attacks occurred globally in just the first half of the year, according ...
Calling Home, Get Your Callbacks Through RBI

Authored By: Lance B. Cain and Alexander DeMine
Overview: Remote Browser Isolation (RBI) is a security technology which has been gaining popularity for large businesses securing their enterprise networks in recent years. This blog ...
Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE

Tags: Blog, Disclosures, Red Team
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 contain an unauthenticated remote code execution vulnerability, CVE-2023-43208. If ...
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability

Tags: Blog, Disclosures, Red Team
Introduction: Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability […] (originally published on Horizon3.ai) ...
#OBTS v5.0: "Lock Picking the macOS Keychain" - Cody Thomas

Abusing Slack for Offensive Operations: Part 2

Tags: Red Team, research
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back in 2020 (which I highly recommend ...