Shielder

How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale

5 September 2022 at 10:00
TL;DR During a recent Red Teaming assessment we have found an internet-exposed instance of ManageEngine’s Password Manager Pro which was vulnerable to a pre-authentication Remote Code Execution (CVE-2022-35405). After gaining code execution we reverse engineered the password encryption/decryption routine to decrypt all the passwords and hack our way to become Domain Admin. What’s a Red Teaming? Red Team(ing) is an abused word in the InfoSec world and it’s commonly used to define various things:

AWS CodeBuild + S3 == Privilege Escalation

10 July 2023 at 10:00
Introduction In the last decade one of the most common patterns observed in web applications is their shift to cloud environments. This means that in 2023 you can’t evaluate the security of a web application without going through a review of its cloud infrastructure as you might miss the elephant in the room. That’s why we - as in Shielder - always try to learn new techniques to assess the security of cloud environments.

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

24 October 2023 at 10:00
TL;DR Orthanc is an open-source software to manage, exchange and visualize medical imaging data. In versions < 1.12.0, it is affected by an arbitrary file overwrite vulnerability (CVE-2023-33466) that might allow an authenticated attacker to obtain RCE on the system. The CVE was published in June 2023, but no exploit was publicly available for it, so we chose to publish this blogpost with more details about the vulnerability so you can exploit and mitigate it.

Hunting for ~~Un~~authenticated n-days in Asus Routers

30 January 2024 at 10:00
TL;DR After reading online the details of a few published critical CVEs affecting ASUS routers, we decided to analyze the vulnerable firmware and possibly write an n-day exploit. While we identified the vulnerable piece of code and successfully wrote an exploit to gain RCE, we also discovered that in real-world devices, the “Unauthenticated Remote” property of the reported vulnerability doesn’t hold true, depending on the current configuration of the device.

Bref Security Audit

29 March 2024 at 12:00
TL;DR Shielder, with OSTIF and Amazon Web Services, performed a Security Audit of Bref. The audit resulted in five (5) findings ranging from low to medium severity. The Bref maintainers and community addressed most of the issues in a timely and accurate manner. Today, we are publishing the full report in our dedicated repository. Introduction In December 2023, Shielder was hired to perform a Security Audit of Bref, an open-source project that helps you go serverless on AWS with PHP.

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers

18 April 2024 at 08:00
TL;DR During a security audit of Element Android, the official Matrix client for Android, we have identified two vulnerabilities in how specially forged intents generated from other apps are handled by the application. As an impact, a malicious application would be able to significantly break the security of the application, with possible impacts ranging from exfiltrating sensitive files via arbitrary chats to fully taking over victims’ accounts. After private disclosure of the details, the vulnerabilities have been promptly accepted and fixed by the Element Android team.