Clik here to view.
Do you know what your ERP is telling us?
Interesting engagement I had a few weeks ago, a client wanted assurance on their ERP – Oracle E-Business suite, to be specific. I spent a few weeks just to formulate an efficient strategy and be able...
View ArticleClik here to view.
Word Heist!
So, I stumbled upon an interesting script. Over the years, I have been using various tools and scripts to do spear phishing; with the many vulnerabilities in Microsoft Office Suite and Adobe PDF reader...
View ArticleClik here to view.
Penetration testing Sharepoint
Like any normal web application, Sharepoint may fall prey to OWASP Top 10 vulnerabilities with a special focus on XSS, mostly due to inadequate patching and misconfiguration. On this post, we focus on...
View ArticleClik here to view.
Exploiting Windows with Eternalblue and Doublepulsar with Metasploit!
Most of us got hold of the NSA exploits recently released to the public and there was so much hype and public statements around it. A lot has been said, and most vendors came out to defend their...
View ArticleClik here to view.
From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0
A sequel to the last post of what is now becoming a series of “From Shodan to remote code execution”, we now take a look at how to hack misconfigured Dreambox installations. Dreambox is a company which...
View ArticleClik here to view.
SAMBAry save us!!
Remember linux users laughing at Windows users because of the now all too famous Wannacry? Karma. According to Samba, “All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution...
View ArticleClik here to view.
From Shodan to Remote Code Execution #1 – hacking Jenkins
In this era of extreme automation, whether for development, programming deployment or even security management are we getting closer to security maturity or are we better off without the automation? In...
View ArticleBlackhat Europe 2017 – conference notes
I had the pleasure to attend the Blackhat Europe 2017 in London – and it was enlightening! In this post, I shall provide links to the slide decks, videos and tools shared during the demonstrations,...
View ArticleClik here to view.
From Shodan to Remote Code Execution #3: Hacking the Belkin N600DB Wireless...
Our newest post of this interesting series of Shodan to RCE takes us to Belkin routers. Shodan search: “Server: httpd” “Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0”...
View ArticleClik here to view.
Oracle EBS Security auditing
So this is my attempt to improve on this post I wrote last year and other tests that I find helpful. Whatever is outlined here really is a tip of the iceberg and further tests should definitely be done...
View Article