Blog

This is a short usage guide which should explain my simple wrapper for the spike fuzzer, which you can find here. For this example i used the well known vulnserver 😉 0x01 Determine possible commands A simple nc && HELP command revealing all possible commands. 0x02 Create Text File containing commands […]

HowTo: ExploitDev Fuzzing

6 Mrz, 2018 in exploit / HowTo

CVE CVE-2018-7272 Vulnerable Software AM 5.0.0, 5.1.0 Vulnerability Unauthorized Access Time Line 15.12.2017 Vendor informed X.01.2018 Vendor patched flaw 24.01.2018 Vendor released Security Advisory Description The AM from Forgerock is vulnerable to unauthorized access. The TokenIDs are sended via HTTP-GET requests, which are stored at several places like proxy-logs, local browser history and […]

CVE-2018-7272: AM 5.0.0, 5.1.0

20 Feb, 2018 in Vulnerability

Vulnerable Software FTP-Server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 24.01.2018 Vendor informed 30.01.2018 Vendor reminded 12.02.2018 Software patched 20.02.2018 Vulnerability Disclose Description The free FTP-Server from Michael Roth Software is vulnerable to a local buffer overflow. One of the advanced options within the application didn’t have […]

Vulnerability in Personal FTP-Server 8.0f(g)

20 Feb, 2018 in Vulnerability

As promised on Twitter here is my OSCE review. You can read my time line from before course enrolling until the end of the exam here. So, let’s go. Stage_0: Preparation just before enrolling! First, I read a ton of other reviews to get an idea about the course and […]

Offensive Security Certified Expert && me

20 Feb, 2018 in Security Blog / Zertifizierungen

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to check this vulnerability in the recent software version (2.19.6) on my Windows 10 machine. The following post descripes the exploit development. 1. Create PoC I created a small python script, […]

CVE-2009-1437: CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

19 Feb, 2018 in exploit / Vulnerability

Am 27.02.2018 zwischen 13 und 16 Uhr bietet die IHK München zusammen mit Experten aus dem Bereich Informationssicherheit eine Gesprächsrunde für Unternehmen an. Diese können hier vertraulich über die Herausforderungen zur IT-Sicherheit in ihrem Unternehmen sprechen. Ich stelle mich hierbei allen Fragen von der konzeptionellen bis hin zur technischen Informationssicherheit […]

Florian Hansemann als Experte bei der IHK München

7 Feb, 2018 in News

Das leidige Thema Passwörter und deren Verwaltung. Ich werde immer wieder gefragt, wie man dieses Problem lösen kann. Daher habe ich mich entschieden, einen kurzen Guide für KeePass zu verfassen. Also los geht’s 😉 #1 Installation und Erster Start Zunächst besorgt man sich die entsprechende Software beim offiziellen Hersteller und […]

Schluss mit (Passwörter-) Chaos!

8 Jan, 2018 in Hinweise und Tipps / Security Blog

The last post for my SLAE certification is about encryption of shellcode. As usual you can find all my files on github. Nothing special in place. Pick your favourit Shellcode Use my custom AES encrypter Insert the encrypted Shellcode and secret AES key into the decrypter Test the decrypted Shellcode […]

SLAE Assignment #7 | Custom Cryptor

23 Nov, 2017 in Security Blog / Zertifizierungen

This task (pick up 3 shellcodes from Shell-Storm and use polymorphism to beat pattern matching) sounds really sophisticated but you will see it’s a very handy way for AV evasion for your shellcode. Check my github account for the files. We have to pick three random shellcodes from shell-storm. /bin/sh […]

SLAE Assignment #6 | Polymorphing Shellcodes

10 Okt, 2017 in Technik / Zertifizierungen

Got time to read? This tasks was a bigger one. We have to pick 3 random metasploit payloads and analyze their shellcode. After building bind and reverse shell in the first two posts i choosed the following (check all files on my github account): Exec whoami Readfile Adduser Exec whoami […]

SLAE Assignment #5 | Analyze Metasploit Payloads

9 Okt, 2017 in Technik / Zertifizierungen