SECURITY LABS

SECURITY BLOG
Undetectable Metasploit WAR

A possible attack path during a penetration test is gaining access to the administrative console of a Java application server (such as WAS, JBoss or Tomcat) installed on a Windows server, using default or guessable (e.g. brute-forced) administrative credentials.
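As an added example (not code from the original post), the following Python script performs the first step of the attack path above: it checks an application-server admin console for default or guessable credentials. So that it runs offline it starts a small local stand-in for a manager page protected by HTTP Basic authentication; the manager path, the accepted credentials and the candidate list are constructed for the demo.

```python
"""Check an application-server admin console for default or guessable credentials.

Added example, not code from the original post. A small local HTTP server
imitates a Tomcat-style manager endpoint guarded by HTTP Basic authentication
(credentials and candidate list are constructed for the demo).
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo credentials accepted by the fake manager (assumption).
DEMO_USER = "tomcat"
DEMO_PASSWORD = "s3cret"
MANAGER_PATH = "/manager/html"  # Tomcat's HTML manager application path

# Constructed sample list of commonly seen default pairs to try.
DEFAULT_CANDIDATES = [
    ("admin", "admin"),
    ("admin", ""),
    ("tomcat", "tomcat"),
    ("manager", "manager"),
    ("tomcat", "s3cret"),
]


class FakeManagerHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for a manager console guarded by Basic auth."""

    def do_GET(self):
        if self.path != MANAGER_PATH:
            self.send_error(404)
            return
        expected = base64.b64encode(f"{DEMO_USER}:{DEMO_PASSWORD}".encode()).decode()
        if self.headers.get("Authorization") == f"Basic {expected}":
            body = b"<html>Tomcat Web Application Manager</html>"
            self.send_response(200)
        else:
            body = b"401 Unauthorized"
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Tomcat Manager Application"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    """Start the fake manager on a random loopback port; return its base URL."""
    server = HTTPServer(("127.0.0.1", 0), FakeManagerHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"


def try_login(base_url, username, password, timeout=5):
    """Return True if the manager accepts username:password via Basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(base_url + MANAGER_PATH,
                                 headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode() == 200
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return False
        raise


def find_valid_credentials(base_url, candidates=DEFAULT_CANDIDATES):
    """Walk the candidate list in order and return (username, password, attempts)
    for the first accepted pair, or None. Stops at the first hit so the target
    records as few failed attempts as possible."""
    for attempts, (user, pwd) in enumerate(candidates, start=1):
        if try_login(base_url, user, pwd):
            return user, pwd, attempts
    return None


if __name__ == "__main__":
    url = start_demo_server()
    print(find_valid_credentials(url))  # ('tomcat', 's3cret', 5)
```

Against a real Tomcat, a configured LockOutRealm locks the account after a run of failed logins, so keep candidate lists short and stop at the first hit as find_valid_credentials does. The same function doubles as a hardening check after default credentials have been changed.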

Fast Forward Brute-Forcing Apache Tomcat 6/7/8

Just a way around the Apache Tomcat "brute-forcing" delay mechanism.

Client Side Penetration Testing - T&T Part 2

This is the second of two articles demonstrating tips and techniques (T&T) for client-side penetration tests. The previous article covered how to deliver spoofed emails without being blocked. This article covers how to embed an executable file within attachable files without being detected by mail filters and anti-virus.

Client Side Penetration Testing – T&T Part 1

This is the first of two articles demonstrating useful tips and techniques (T&T) for client-side penetration tests. This article covers how to deliver spoofed emails and how to defend against email spoofing. The next article will cover how to embed an executable file in attachable files without being detected by mail filters and anti-virus.
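The defensive half of the topic above, as an added example that is not part of the original article: a Python check that evaluates a sending IP against a domain's SPF record and reads the domain's published DMARC policy. DNS is replaced by a constructed in-memory zone so the code runs offline; every domain name, address and record is sample data, and DKIM and identifier alignment are deliberately not modelled.

```python
"""Evaluate a sender against a domain's SPF record and read its DMARC policy.

Added example, not code from the original article. DNS TXT lookups are served
from a constructed in-memory zone (sample data, not real domains' records).
"""
import ipaddress

# Constructed TXT records (sample data).
ZONE = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "weak.example": "v=spf1 +all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query against the constructed zone."""
    return ZONE.get(name.lower())


def check_spf(domain, sender_ip, depth=0):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral', 'none' or
    'permerror') for sender_ip sending MAIL FROM domain.

    Supports the ip4, ip6, include and all mechanisms with qualifiers; nested
    include: evaluation is capped at 10 levels in the spirit of RFC 7208's
    lookup limit. Unknown mechanisms never match."""
    if depth > 10:
        return "permerror"
    record = lookup_txt(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mech, _, value = term.partition(":")
        matched = False
        if mech in ("ip4", "ip6"):
            try:
                # Mixed-version comparisons (v6 address vs ip4 network) are False.
                matched = ip in ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "include":
            matched = check_spf(value, sender_ip, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no explicit "all"


def dmarc_policy(domain):
    """Return the domain's DMARC 'p' tag ('none', 'quarantine' or 'reject'),
    or None when no DMARC record is published."""
    record = lookup_txt(f"_dmarc.{domain}")
    if not record or not record.lower().startswith("v=dmarc1"):
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")


def spoof_handling(mail_from_domain, sender_ip):
    """Simplified receiver decision: 'accept' on SPF pass, otherwise the DMARC
    policy if it is enforcing, else 'accept-unauthenticated'. DKIM and
    alignment are not modelled, so treat this as an SPF-only illustration."""
    if check_spf(mail_from_domain, sender_ip) == "pass":
        return "accept"
    policy = dmarc_policy(mail_from_domain)
    if policy in ("quarantine", "reject"):
        return policy
    return "accept-unauthenticated"


if __name__ == "__main__":
    for dom, ip in [("example.com", "203.0.113.7"), ("example.com", "192.0.2.1"),
                    ("weak.example", "192.0.2.1")]:
        print(dom, ip, check_spf(dom, ip), dmarc_policy(dom), spoof_handling(dom, ip))
```

The two weak configurations the check makes visible are a permissive record such as "+all" (any host passes) and a domain with no DMARC record at all (an SPF fail carries no instruction to the receiver); both let a spoofed message through exactly as the article's delivery techniques rely on.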

Multiple vulnerabilities identified on Aircrack-ng

About a month ago I identified four vulnerabilities in the Aircrack-ng suite. A brief but technical description may be found below. References to the proof-of-concept exploit code and the OSI advisory may be found at the end of this article.

Integrating People Process and Technology

Being in and remaining in a “secure state” requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that covers nearly all aspects of an organization and involves resources with different skills and levels of expertise.

Using UDF in Penetration Testing Part 2

This is the second part of the series on User Defined Function (UDF) usage in penetration testing. In this post we will illustrate how to obtain a reverse shell from a Windows machine with MySQL installed.

Using UDF in Penetration Testing

This article discusses basic UDF creation for a MySQL server, for educational purposes only.
