Top Security QuickFails: #1 Office Macros
#1 Standard Office Macros Einstellungen Der Angriff Unser Mitarbeiter des Monats Peter Lustig erhält eine E-Mail seines Lieferanten SuperSchnell GmbH, welcher eine korrigierte Bestellung in einem Excel Sheet angehangen hat. Natürlich wurde das Excel Sheet mit einem Passwort geschützt, da ja die Datenschutz Grundverordnung alles andere strikt untersagt xD Herr Lustig öffnet also seinen E-Mail […]
Offensive Security Certified Expert && me
As promised on Twitter here is my OSCE review. You can read my time line from before course enrolling until the end of the exam here. So, let’s go. Stage_0: Preparation just before enrolling! First, I read a ton of other reviews to get an idea about the course and the exam. There is nothing […]
CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)
While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to check this vulnerability in the recent software version (2.19.6) on my Windows 10 machine. The following post descripes the exploit development. 1. Create PoC I created a small python script, which creates a .m3u file […]