Equifax

[tool release] BurpExtenderForge

Posted on 2nd February 2018

 

Equifax

SSRS Attacks Part 2 - Building an Empire

Posted on 17th January 2018

Background

In part 1, we looked at dynamically extracting table data from a compromised SSRS server. We covered:

Equifax

SSRS Attacks Part 1 - Dynamic Data Extraction

Posted on 8th January 2018

Background

SQL Server Reporting Services (SSRS) is a reporting engine designed to allow creation, publication and management of reports built on data stored in an MSSQL database. SSRS allows organisations to create paginated reports from numerous different data sets which can be displayed either in tables or visualised using graphical elements.

Equifax

In (zero) days gone by - Part 1 - Magento Unauthenticated SQLi (CVE-2011-4781)

Posted on 14th December 2017

Theorizing that one could dredge up old vulnerabilities and blog about them, Sam Thomas stepped into the Quantum Leet accelerator - and vanished. ... And so Sam finds himself leaping from vuln to vuln, striving to put right what once went wrong and hoping each time that his next sploit... will pop a root shell.


A bit about Dynamic Data Exchange (DDE)

Posted on 8th December 2017

I gave a talk at the local Glasgow Defcon in December 2017. The slides are available here:


Uploading files to RDP, VNC, or anywhere you can type

Posted on 28th November 2017

RDPUpload is a tool which implements an old technique for uploading files in Python. There is nothing new in its concept but the implementation is. You can get it here:

Equifax

Setting Service Principal Names to roast accounts

Posted on 2nd November 2017

As a continuation of our previous post, we wanted to discuss another technique that can help during a red team engagement where the intention is usually to stay under the radar when compromising high value accounts.

Equifax

Using machine account passwords during an engagement

Posted on 30th October 2017

Introduction

Of the many advancements in red teaming over the last 12 months, the development of BloodHound has provided a monumental step forward and is quickly becoming an essential tool in the arsenal of an attacker.


Is Dynamic Data Exchange (DDE) Injection a thing?

Posted on 23rd October 2017

This month our old friend Dynamic Data Exchange (DDE) within Microsoft’s Office suite has been a popular topic. Many will be familiar with it if they have played with CSV Injection before. With that, you can use DDE within a formula to get code execution within Excel.

Equifax

Using NetBeans GUI Designer to make pretty Burp Extenders

Posted on 18th October 2017

In this tutorial I will provide you with a straightforward process that will get you in a position to make Extenders for Burp Suite. This is targeted at those using Java so that we can leverage the NetBeans GUI designer. By doing this you have a shot at making your GUI beautiful.
