Best Practice: Intel Unquoted Service Path

Affected software: Intel Management Interface <= 1815.12.0.2021. Issue: In my last assessment I discovered an unquoted service path in the Intel Management Engine Interface. In general this could lead to privilege escalation on a system if the service is running with higher privileges and we (an unprivileged user) have write permissions along the installation path of […]

HanseSecure as one of the top 21 – twice

It’s funny that two independent companies each named the “21” cybersecurity and red teaming resources in the world. But I appreciate being named in both lists. One is an American tech blog called Techbeacon and the other is the American endpoint protection company SentinelOne. 2018 – Techbeacon: Modern Red Teaming: 21 resources for your security team. https://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team 2019 […]

CVE-2019-12763: Insecure data storage security camera CZ

CVE: CVE-2019-12763. Vulnerable software: Android App: Security Camera CZ <= 1.6.8. Vulnerability: Insecure data storage (M2, OWASP Mobile Top 10, 2016). Timeline. Description: The Security Camera CZ application up to 1.6.8 saves images of the recorded videos to the external data storage. These images could contain very sensitive and personal data, as they are often used […]

SmartScreen Bypass = strange?

During my last assessment, I noticed some strange behavior with Microsoft’s SmartScreen feature. Basically, this security feature should block the execution of untrusted files from the Internet (more information). In fact, the execution of untrusted applications is blocked when trying to open them via the GUI (file explorer). However, the execution is not blocked when opening the […]

HMV-01: Automatically generated screenshots

Description: Screenshots of applications that are moved to the background are created for a better user experience. Unfortunately, other apps can access them, exposing sensitive data such as banking information, passwords, or personal information. Example: All applications in the background can be viewed (screenshots). Countermeasures: Use FLAG_SECURE to hide the screen when an app […]

New InfoSec Team spawned: BreachedSec

I decided to set up a new team of infosec professionals because of a lot of project requests and my limited time. This team consists of people who have a deep passion for pentesting and red teaming. Every team member will be presented on the page and the clients will always know who is in charge. […]

CVE-2018-7272: AM 5.0.0, 5.1.0

CVE: CVE-2018-7272. Vulnerable software: AM 5.0.0, 5.1.0. Vulnerability: Unauthorized access. Timeline: 15.12.2017 Vendor informed; X.01.2018 Vendor has patched the vulnerability; 24.01.2018 Vendor publishes security advisory. Description: ForgeRock’s AM is vulnerable to unauthorized access. TokenIDs are sent via HTTP GET requests and are therefore stored in various places, such as proxy logs, local browsing history, and the like. This could […]

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE: CVE-2018-16231. Vulnerable software: FTP server <= 8.4f. Vulnerability: Remote denial of service. Timeline: 30.01.2018 Vendor informed (also local BO); X.02.2018 Vendor patched vulnerability (local BO); 31.07.2018 Vendor informed again; 31.08.2018 Disclosure. Description: Michael Roth Software Personal FTP Server (PFTP) up to 8.4f allows remote attackers to cause a denial of service (daemon crash) by […]

Backdooring PE-File (with ASLR)

Welcome to my next blog post. Today I want to show you some basic pentesting stuff. We will manually backdoor a PE file, in this case the PuTTY client. I used the following software setup: Windows 10 Pro 32 bit, PuTTY, Stud_PE, Immunity Debugger. Before we get our hands into assembly, I want to […]

HanseSecure at IT-Secuta 2018

The SECUTA Information Security Conference will take place in Garmisch-Partenkirchen from 21 to 23 November 2018. There, the current developments and challenges of information security will be shown in a practical way and solutions will be presented. The program includes live sessions, live hacking, current IT case law and the topic of EU […]