Mogozobo
  • Subscribe
  • Twitter
  • Facebook
  • Infosec
  • Assignment
  • Fishing
  • Family
  • General

  • (CVE-2017-14020) Automation Direct Multiple Software Vulnerabilities

    Background: In late July 2017, I discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]

    Posted: December 4th, 2017 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2017-14029) VTScada HMI and SCADA Software Vulnerability

    Background: On the 05th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]

    Posted: November 1st, 2017 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2017-13993) i-SENS Inc. SmartLog Diabetes Management Software Vulnerability

    Background: On the 03rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in i-SENS Inc. SmartLog Diabetes Management Software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]

    Posted: September 8th, 2017 ˑ  No Comments
    Filled under: Infosec

  • Your broker is a pimp…

    The year was 1999; what an awesome year!! The Y2K bug made us all rich (or poor)… we all started to see dead people using our Sixth Sense … and primary coloured drugs became all the rage as we followed the white rabbit into The Matrix. On top of all that excitement, a couple of […]

    Posted: August 29th, 2017 ˑ  No Comments
    Filled under: Infosec

  • Hunting eggs and 0-days…

    What follows is my brief review of the “Cracking the Perimeter” course and the associated OSCE challenge. You can find my reviews of the OSWP and OSCP challenges at the following locations: “The will, the Wifu, and the paper” – OSWP “A splash of Pain, a dash of Sufference, and bucket load of Humble.” – […]

    Posted: March 13th, 2017 ˑ  1 Comment
    Filled under: Infosec

  • (CVE-2017-9335) Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerabilities

    Background: On the 16th October 2016 I discovered a number of vulnerabilities in Red Lion Controls’ Sixnet SLX Managed Industrial Switches and AutomationDirect’s STRIDE Managed Ethernet Switches. The industrial switches are commonly deployed worldwide in critical infrastructure environments and were identified to Use Hard-coded Cryptographic Keys (CVE-2017-9335 | CWE-321) as well as Incorrect Permissions Assignment […]

    Posted: February 24th, 2017 ˑ  2 Comments
    Filled under: Infosec

  • When the ‘Things’ in the ‘Internet of Things’ become weaponised

    At a recent forum, I was asked a very simple question; “Is it really ‘that’ important to secure our IoT devices?” Whilst the answer may seem quite obvious, the real question is why? Why is it ‘that’ important to secure our IoT devices? What could possibly go wrong with insecure deployments? In late September, the […]

    Posted: November 21st, 2016 ˑ  No Comments
    Filled under: Infosec

  • Fear The Necromancer!

    After the success of my first boot2root, The Wall, I decided I would create another challenge. Welcome to The Necromancer! There are 11 flags to collect on your way to solving the challenging, and the difficulty level is considered as beginner. The end goal is simple… destroy The Necromancer! I hope everyone enjoys the challenge. […]

    Posted: July 11th, 2016 ˑ  4 Comments
    Filled under: Infosec

  • Whois Mr Robot

    It has been a while since I have had a crack at any of the boot2root boxes over at vulnhub, so when I saw the following tweet saying there was a Mr Robot inspired VM released I could not hold back! Like always… let’s see what ports are open. Port 80 and 443; nice. Let’s […]

    Posted: June 30th, 2016 ˑ  No Comments
    Filled under: Infosec

  • (CVE-2016-4513) Schneider Electric PowerLogic PM8ECC XSS

    Background On the 4th August 2015, I discovered a cross-site scripting vulnerability in Schneider Electric’s PowerLogic 800 power meter, specifically in the embedded webserver on the PM8ECC add-on module. After a lengthy nine (9) month disclosure period, Schneider Electric formally thanked me and released a firmware patch to fix the vulnerability, under security advisory SEVD-2016-132-01. […]

    Posted: June 27th, 2016 ˑ  No Comments
    Filled under: Infosec

  • PCMan BOFing

    Picture this… you are having a crack at a CTF comp, and you have managed to smash most of the miscellaneous, web, forensic, and trivia challenges. The scoreboard shows that you have had a pretty good run, but then.. one by one other teams start to leap frog you on the ladder! What is going […]

    Posted: June 1st, 2016 ˑ  No Comments
    Filled under: Infosec

  • Game of Memory – Auscert2016 CTF

    Shearwater Solutions recently hosted a 48-hr Capture the Flag contest for AusCERT2016. Here’s a very quick and dirty write-up of how I solved the “Game of Memory” challenges for the SecTalksBNE team. The description for the challenge was: The 1337 and 100 work for the same company, they sit across from each other on the […]

    Posted: May 30th, 2016 ˑ  No Comments
    Filled under: Infosec
Previous page 
© 2016 Mogozobo. All images are copyrighted by their respective authors.