Author: Mike Manzotti – Senior Consultant
As part of a red team assessment, I discovered a bug affecting the latest version of Microsoft Outlook for Microsoft 365 (which was version 16.0.13801.20240 32 bit and 64-bit at the time of the discovery).
Category: researchblog
Multiple Vulnerabilities in Vivotek Camera
Author: Mike Manzotti – Senior Consultant
In a recent security engagement Vivotek Camera IT9388-HT (firmware version: 0100p) was found to be vulnerable to arbitrary file download (CVE-2020-11949) and remote command execution (CVE-2020-11950).
A Brief Story of a Red Team Security Assessment (2/2)
Author: Wesley Renshaw – Lead Consultant
The second article in our two part blog series giving you a behind the scenes look into how we conduct a Red Team Security Assessment.
A Brief Story of a Red Team Security Assessment (1/2)
Author: Wesley Renshaw – Lead Consultant
Our latest two-part blog series takes an in-depth look at a Red Team security assessment. This blog article provides technical details of our process giving you an insight on how we work.
Insecure Mobile Apps Can Lead to AWS Account Compromise
Author: Mike Manzotti – Senior Consultant
Nowadays the number mobile apps available on market stores such as Google Play or Apple’s App Store are constantly increasing. This fast-paced industry does not always consider cyber security a priority, especially when deadlines are tight, and often it is an afterthought.
In this blog I will guide you through part of a mobile app penetration test that allowed me to fully compromise an AWS account, which amongst other assets, included a WordPress website hosted on a EC2 instance.
How to Use OWASP Amass: An Extensive Tutorial
Author: Nick Gkogkos – Lead Consultant
Our extensive blog post provides a tutorial on how to use OWASP Amass to discover an organisation’s externally exposed assets.
Active Directory Password Auditing Part 3 – Analysing the Hashes
In two previous blog posts we discussed how to dump password hashes from a Domain Controller and how to crack these hashes to obtain a list of clear text passwords. In this blog post, we’ll learn how to obtain useful metrics from cracked password hashes in order to determine improvements to a password policy.
ShareAudit – The File Share Auditing Tool
In the previous blog post, we have discussed the steps in identifying sensitive information in file shares, as well as file servers with inappropriate access controls configured. It was aimed to provide organisations with a guide on how to perform internal file share audits. Dionach have now released a tool, ShareAudit, to further improve the process of performing these audits. The tool is now publicly available on GitHub.
Mitigating Social Engineering Risks
Social engineering is the process of manipulating people through various channels such as phishing, phone calls and physical instrustions. This post provides a walkthough of an example attack using emails and phone calls, and what organisations can do to reduce the risk of these kind of social engineering attacks.
Printer Server Bug to Domain Administrator
During a recent internal network penetration testing engagement, a number of common attack paths were unavailable as a number of security mechanisms were implemented such as the Local Administrator Password Solution (LAPS) and the prevention of logged on credentials from being cached in memory. Additionally, the estate had a relatively mature patching process, which reduced […]