Citrix disclosed on July 7th, 2020 a number of vulnerabilities in the Application Delivery Controller. This blog is a summary of what we know as the situation develops.
Archive
An offensive guide to the Authorization Code grant
OAuth is the widely used standard for access delegation, enabling many of the "Sign in with X" buttons and "Connect your Calendar" features of modern Internet software. OAuth 2.0 is the most common and recent version of this specification, which defines four grant types (as well as various extensions), specifically suited for different use cases. … Continue reading An offensive guide to the Authorization Code grant
Technical Advisory – KwikTag Web Admin Authentication Bypass
Vendor: ImageTagVendor URL: https://www.kwiktag.comVersions affected: 4.5.2 - 9.0Systems Affected: KwikTag Web AdminAuthor: Clayton LowellAdvisory URL / CVE Identifier: https://www.kwiktag.com/admin-security-advisory_202005/Risk: High Summary: KwikTag is a digital document management solution. KwikTag Web Admin is used to administrate accounts and permissions of the KwikTag instance. KwikTag Web Admin grants an active session without properly validating expired admin credentials. … Continue reading Technical Advisory – KwikTag Web Admin Authentication Bypass
Pairing over BLS12-381, Part 1: Fields
This is the first of three code-centric blog posts on pairing based cryptography. The series will ultimately conclude with a detailed review of the popular BLS12-381 pairing operations found in a variety of applications such as BLS signatures [1]. Support for these operations in an Ethereum precompiled contract has been proposed [2], and support for … Continue reading Pairing over BLS12-381, Part 1: Fields
RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
CVE-2020-5902 was disclosed on June 1, 2020 by F5 Networks in K52145254 as a CVSS 10.0 remote code execution vulnerability in the Big-IP administrative interface. By June 3, 2020 NCC Group observed active exploitation. This blog is a summary of what we know as the situation develops.
Experiments in Extending Thinkst Canary – Part 1
The Thinkst Canary is best described as a digital tripwire for physical and virtual environments. It sits there waiting for a threat actor to tip you off they are mooching around your environment. What is less appreciated however is it is extensible with custom user modules. This post is the first in a series detailing our experiments in extending the product.
Tool Release – ScoutSuite 5.9.0
We're proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! Since the release of 5.8.0 back in late March, we've had over 300 commits from 8 different contributors, and closed 30 PRs. Notable improvements and features include: AWS Added 4 new ELB and ELBv2 findingsAdded support … Continue reading Tool Release – ScoutSuite 5.9.0
Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
A local macOS user or process may be able to modify or replace files executed by Installer. This could allow a low-privileged user or process to gain arbitrary code execution with root privileges, effectively leading to a full system compromise.
Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
tl;dr Today we've released a whitepaper on the key techniques that continue to enable us to breach the largest and most sophisticated organisations on the planet. Organisations that prioritize these areas, and the mitigations we outline, will thwart attacks while making threat actors work harder and ultimately fail more often. Objective The purpose of this … Continue reading Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
In this post we show how to import WStalker output into Burp Suite and the Logger++ extension to build a sitemap from a recorded session for use in Intruder and Repeater.