News
20 February 2018
MS13-105: Oracle Outside In MDB Parsing Vulnerability – CVE-2013-5791
People sometimes ask how to know what exact vulnerability was patched in particular piece of closed source software. In this blog, we would like to describe one such example from the Microsoft security bulletin.
28 January 2018
Essentials for ICS/SCADA defence
In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.
28 January 2018
How We Bypassed NOD32 and Hacked a Paranoid Customer
During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.
28 January 2018
Considerations before using keybase.io
Keybase.io is a service that according to their website “maps your identity to your public keys, and vice versa.”. It is also doing other optional things such as an encrypted filesystem and synchronized key management.
28 January 2018
Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix
Microsoft won’t patch this one — so we did. CVE-2014-4971 is a known privilege escalation vulnerability in the MSMQ service on Windows XP. Citadelo’s unofficial hotfix helps secure legacy systems against this active exploit.
28 January 2018
WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities
The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user