Recently I discovered vulnerabilities in Castle Rock Computing’s SNMPc Enterprise, specifically SNMPc OnLine 12.10.10 before 2020-01-28. Instead of writing my usual blog post containing the coordinated disclosure information, I thought I would do something a little bit different this time and create a simple tutorial for new players regarding the importance of bug chaining. We’ll […]
Straight up TL;DR here… I don’t give a flying toss which form of disclosure you choose to use when disclosing vulnerabilities, just do not preach to me regarding how I should go about the process. I am writing this short rant to answer the perpetual questions I receive around which disclosure discipline I personally subscribe […]
What follows is my brief review of the “Cracking the Perimeter” course and the associated OSCE challenge. You can find my reviews of the OSWP and OSCP challenges at the following locations: “The will, the Wifu, and the paper” – OSWP “A splash of Pain, a dash of Sufference, and bucket load of Humble.” – […]
An acquaintance recently dropped me a line asking for some help with a gig she was working on. After sharing the background about the work she had performed so far, she said something which made me promptly sit up and listen… “I have access to backups… Can we do anything with vmdk’s?”. Needless to say, […]
Rainy weather can only mean one thing… VulnHub challenge time. Today’s menu @TopHatSec’s Freshly challenge. The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :) There are a couple […]
If you recall my article titled “The will, the Wifu, and the paper”, I made the decision that 2014 would be all about creating my own destiny in the security world. Not to simply continue just dipping my toes into the shallow end of the security space, but to fully immerse myself in the discipline. […]
Since 1993, I have worked, lived, and breathed IT from both a career perspective and a personal ‘hobby’ point of view. My career has seen me work in various silos, such as Unix and MS sysadmin roles, networking, virtualisation, scripting, and SANs just to name a few. I have been able to absorb a large […]