Today we release the details of CVE-2014-3440, a remote code execution vulnerability in Symantec Critical System Protection. You can get the detailed advisory on the following link: CVE-2014-3440 – Symantec Critical System Protection Remote Code Execution We reported the vulnerability with the help of Beyond Security, Symantec fixed the vulnerability...
2015-05-07 — 3 minute readIntro Last year we decided to expand our pentest team, and we figured that offering a hands-on challenge would be a good filter for possible candidates, since we’ve accumulated quite a bit of experience from organizing wargames and CTF at various events. We provided an isolated network with three hosts...
2015-04-03 — 9 minute readRenewal paper of my GIAC Penetration Tester certification: http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890 Enjoy!
2015-01-09 — 1 minute readAt the 31. Chaos Communication Congress I had the pleasure to watch the presentation of Fabian Yamaguchi about the code analysis platform Joern. I’ve heard about this tool before at Hacktivity but this time I could have deeper view on the internals and the capabilities of the software that inspired...
2015-01-06 — 2 minute readDuring an external pentest – what a surprise – I found a WebLogic server with no interesting contents. I searched papers and tutorials about WebLogic hacking with little success. The public exploitation techniques resulted in only file reading. The OISSG tutorial only shows the following usable file reading solution: curl...
2014-10-03 — 5 minute read1. Background A couple of months ago we had the opportunity to take a closer look at a FireEye AX 5400 malware analysis appliance. The systems of FireEye are famous for catching targeted attacks that tend to evade traditional security systems, so we were really excited to find out more...
2014-07-28 — 3 minute readWe worked for a big company in Hungary and there were some HP-UX targets. I got local user access easily to the servers but the operating system was HP-UX 11.31 without public privilege escalation sploit. This is not a big deal, this happens very often. I checked the backups, the...
2014-06-25 — 2 minute readAnalyzing the security of security software is one of my favorite research areas: it is always ironic to see software originally meant to protect your systems open a gaping door for the attackers. Earlier this year I stumbled upon the OfficeScan security suite by Trend Micro, a probably lesser known...
2014-06-06 — 11 minute read