Friday, 29 November 2019

From 0 to 0day - quick fuzzing lesson

Most of the time, the question(s) you ask me via the blog or Twitter are: "how to prepare a fuzzing lab" or "how to perform an analysis of the crash we found". I decided to spend the last few days preparing a small example to give you the answer(s) to both questions. Below you will find the details. Here we go...

Thursday, 28 November 2019

XSS in Oracle EPMS

I was asked to help during the webapp pentest of Oracle EMPS. I decided to share with you one XSS bug that was found. Below you will find the details. Here we go...

Tuesday, 19 November 2019

Reading spam for breakfast

Today I woke up at 5:00 AM and decided that this was a great moment to read some SPAM. ;) Coffee is ready, so here we go...

Saturday, 16 November 2019

Quick memory review - extracting secrets from Hikvision iVMS-4200

Last time I tried to use Sysinternals to check a few things in Windows 10. This time I tried to get some more details (read: passwords ;)) to use them during lateral movement (if needed). Below you will find the details of this scenario. Here we go...

Saturday, 9 November 2019

Sysinternals Suite - quick review for Windows 10

Sometimes during a project at the Client's office you can see that the environment there is mostly well hardened (so, for example, we cannot install new software, we cannot open new ports or add users, we cannot connect our laptop to the network, etc.). In that scenario I decided to check some tools from the Sysinternals Suite. Below you'll find a few notes. Here we go...

Thursday, 7 November 2019

Tuesday, 5 November 2019

Fool-AV-riend - Windows 10


A few days ago I was reading one of the tutorials related to 'pentesting AD'. They are all pretty cool. You can learn a lot from the content presented by the authors. But my question is...

Crashing HoneyView 5.31

During the last week I was looking for some new software to fuzz. This time I tried Honeyview (v. 5.31). Below you will find the details. Here we go...

Crashing Better JPEG

Last week I tried to fuzz a few 'new' pieces of software I found somewhere online. Below you will find the details about one image viewer called Better JPEG (v.3.0.3.0). Here we go...