A command injection vulnerability was found in Red Hat Satellite 6.16.5.2 (Foreman 3.12.0.8-1). This flaw allows an authenticated user with edit_settings permissions to modify these parameters to achieve arbitrary command execution on underlying operating system and bypass safe mode rendering.
Once upon a time, we were asked to pentest an API and received… JAR file with a client certificate for mTLS. Not your typical Swagger + token setup.
A quick look under the hood showed that the API wasn’t REST or SOAP - it was using Apache Thrift with a binary protocol.
IBM FlashSystem allows a user to provide their SSH key, which is then written to the authorized_keys file. Using a set of limited commands in rbash, threat actor can perform a privilege escalation by overwriting the SSH_LABEL_ID within the authorized_keys file. This results in the account takeover of the superuser with just Monitor access privileges.
SAP BusinessObjects Business Intelligence Platform (BI Workspace) allows an attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable.
Reflected Cross-Site Scripting vulnerability exists in Pega Infinity Platform versions 8.4.3 to 24.2.1. The vulnerability is located within the pyActivity pzLoadMashupPage module, which improperly sanitizes input from a GET parameter. Successful exploitation requires victim interaction (e.g., clicking a malicious link) and could allow an attacker to modify or exfiltrate data from the affected application.
Reflected Cross-Site Scripting vulnerability exists in the Pega Infinity Platform versions 7.2.1 to 24.2.1. The vulnerability is located within the pyActivity pzGetURLHashes module, which improperly sanitizes input from a GET parameter. Successful exploitation requires victim interaction (e.g., clicking a malicious link) and could allow an attacker to modify or exfiltrate data from the affected application.
STM Cyber R&D team decided to reverse engineer POS devices made by the worldwide known company PAX Technology, as they are being rapidly deployed in Poland. In this article, we present technical details of 6 vulnerabilities, which were assigned CVEs
Earlier this year, we discovered an interesting behavior in Microsoft Teams chat functionality that allowed us to phish our coworkers and earn a free pizza.
By modifying the request it’s possible to change various parameters of the message we’re replying to, i.e., its content, time of creation, and author.
Once upon a time, we had to reverse engineer an Android application. To do that, we've decided to use our favorite tool of choice - JEB. All was good until we noticed something suspicious…
The story about finding RCE in the JEB decompiler.
Recently p4 team (which includes a few of our coworkers) was invited to play the @Hack CTF Final - stationary CTF organized during @Hack conference in the capital of Saudi Arabia - Riyad. Here you can read about our impressions of the CTF and the writeup for one of the reverse engineering challenges - ENIPTX.
Can you see the difference between " and “ or ' and ‘ ? You can? You've got sharp eyes! Well, PowerShell can't see it. Now, imagine an application which inserts user-provided input into string in dynamically generated PowerShell script while sanitizing only "typical" quotes... Sounds like trouble? RCE handed on a silver platter? But hold your horses, it's not that easy!
Excel 4.0 XLM macros are useful for the Red Team. But it is often the case that when using publicly available generators, samples are detected. Then you usually have to invent your own techniques or modify existing ones. Another problem is the Excel language. If the target's Excel is set to a language other than […]
As Excel 4.0 is becoming more popular, more and more attackers use it in phishing campaigns. In this blog post, we will dive into the topic of Excel 4.0 macros and learn about techniques that are useful during Red Team and analysis. Additionally, we will present to you our new tool that will assist you […]
