Mogozobo
  • Subscribe
  • Twitter
  • Facebook
  • Infosec
  • Assignment
  • Fishing
  • Family
  • General

  • (0-days) ENTTEC Lighting Controllers Vulnerabilities

    In March 2019 I discovered numerous vulnerabilities in a number of ENTTEC’s Lighting Controller products. These vulnerabilities were identified in the current firmware versions publicly available from ENTTEC’s website product pages. According to the comapany’s website, ENTTEC are “Leaders in the expert design and manufacture of LED lights and controls, ENTTEC are an Australian company […]

    Posted: March 30th, 2019 ˑ  No Comments
    Filled under: Infosec

  • Welcome to 2019, BTW disclosure is still borked

    Straight up TL;DR here… I don’t give a flying toss which form of disclosure you choose to use when disclosing vulnerabilities, just do not preach to me regarding how I should go about the process. I am writing this short rant to answer the perpetual questions I receive around which disclosure discipline I personally subscribe […]

    Posted: March 29th, 2019 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2018-5457) Vyaire Medical CareFusion Upgrade Utility Vulnerability

    Background: On the 03rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Vyaire Medical’s CareFusion Upgrade Utility software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]

    Posted: February 7th, 2018 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2017-14020) Automation Direct Multiple Software Vulnerabilities

    Background: In late July 2017, I discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]

    Posted: December 4th, 2017 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2017-14029) VTScada HMI and SCADA Software Vulnerability

    Background: On the 05th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]

    Posted: November 1st, 2017 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2017-13993) i-SENS Inc. SmartLog Diabetes Management Software Vulnerability

    Background: On the 03rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in i-SENS Inc. SmartLog Diabetes Management Software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]

    Posted: September 8th, 2017 ˑ  No Comments
    Filled under: Infosec

  • Your broker is a pimp…

    The year was 1999; what an awesome year!! The Y2K bug made us all rich (or poor)… we all started to see dead people using our Sixth Sense … and primary coloured drugs became all the rage as we followed the white rabbit into The Matrix. On top of all that excitement, a couple of […]

    Posted: August 29th, 2017 ˑ  No Comments
    Filled under: Infosec

  • Hunting eggs and 0-days…

    What follows is my brief review of the “Cracking the Perimeter” course and the associated OSCE challenge. You can find my reviews of the OSWP and OSCP challenges at the following locations: “The will, the Wifu, and the paper” – OSWP “A splash of Pain, a dash of Sufference, and bucket load of Humble.” – […]

    Posted: March 13th, 2017 ˑ  1 Comment
    Filled under: Infosec

  • (CVE-2017-9335) Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerabilities

    Background: On the 16th October 2016 I discovered a number of vulnerabilities in Red Lion Controls’ Sixnet SLX Managed Industrial Switches and AutomationDirect’s STRIDE Managed Ethernet Switches. The industrial switches are commonly deployed worldwide in critical infrastructure environments and were identified to Use Hard-coded Cryptographic Keys (CVE-2017-9335 | CWE-321) as well as Incorrect Permissions Assignment […]

    Posted: February 24th, 2017 ˑ  2 Comments
    Filled under: Infosec

  • When the ‘Things’ in the ‘Internet of Things’ become weaponised

    At a recent forum, I was asked a very simple question; “Is it really ‘that’ important to secure our IoT devices?” Whilst the answer may seem quite obvious, the real question is why? Why is it ‘that’ important to secure our IoT devices? What could possibly go wrong with insecure deployments? In late September, the […]

    Posted: November 21st, 2016 ˑ  No Comments
    Filled under: Infosec

  • Fear The Necromancer!

    After the success of my first boot2root, The Wall, I decided I would create another challenge. Welcome to The Necromancer! There are 11 flags to collect on your way to solving the challenging, and the difficulty level is considered as beginner. The end goal is simple… destroy The Necromancer! I hope everyone enjoys the challenge. […]

    Posted: July 11th, 2016 ˑ  4 Comments
    Filled under: Infosec

  • Whois Mr Robot

    It has been a while since I have had a crack at any of the boot2root boxes over at vulnhub, so when I saw the following tweet saying there was a Mr Robot inspired VM released I could not hold back! Like always… let’s see what ports are open. Port 80 and 443; nice. Let’s […]

    Posted: June 30th, 2016 ˑ  No Comments
    Filled under: Infosec
Previous page 
© 2016 Mogozobo. All images are copyrighted by their respective authors.