Night fuzzing session - IdaPro 6.6

According to previous adventures few days ago I decided to continue 'night fuzzing session' and this time I tried to run a quick check for Ida Pro (version 6.6). Below you'll find more details about it. Here we go...

See you when I see you

Few months ago during some pentest project I found that inside the "Client's Network" we have an access to the IPCam-network. Few more details about it - you'll find below. Here we go...

Fuzzing FreeBSD 12.3

After last adventures with JunOS bugs I decided to learn more about FreeBSD - the base (afaik) OS for the "Juniper vSRX" I tested in the lab [1, 2]. I decided to start a quick fuzzing for the binaries inside this OS. Below you'll find few notes about it. Here we go...

Escape from the Secret Garden

Last time when we talked about Juniper/JunOS we focused mostly[1,2] on XSS bugs. Today we'll talk about postauth CLI access and how to extend it ;). Here we go...

Pentesting Pentesters with MSF Jump Host

Let's think about the scenario for a pentest/redteam project during which we are using 'our dedicated jump host'. "What if" someone will takeover this host? This time we'll try to check the potential results of this kind of attack. Here we go...

Ansible - Quick Shot

I decided to create this small document to collect few basic ideas about Ansible and how it can be used during a ‘day-to-day’ scenarios for pentest and red team projects. If you’re already familiar with Ansible – this document more likely will be a small ‘cheat sheet’ if you’d like to use Ansible to perform some actions during the projects. Anyhow… Enjoy and have fun! ;) Here we go...

Postauth XSS bugs in Juniper 12.x

Last time we talked about XSS bugs in Junos Space 21.x. This time we'll talk a bit about few XSS bugs I found in Juniper 12.x. Here we go...