September 28, 2023

Getting SYSTEM on Windows in style

Microsoft has published a patch for CVE-2023-38146 on patch Tuesday of September 2023. The advisory for this vulnerability mentions that the impact is remote code execution, which was demonstrated by @gabe_k - the researcher who first reported the vulnerability to Microsoft in May of 2023. Gabe’s ThemeBleed writeup and proof-of-concept demonstrate how an attacker might exploit the vulnerability for code execution by luring an unsuspecting victim into opening a booby-trapped .

November 10, 2016

Observium - unauthenticated remote code execution

During a recent penetration test we found and exploited various issues in Observium, a popular networking monitoring platform. The vulnerabilities lead us from unauthenticated user to full shell access as root.

August 18, 2016

cSRP/srpforjava - obtaining of hashed passwords

In this blog we’ll look at an interesting vulnerability in some implementations of a widely used authentication protocol; Secure Remote Password (SRP). We’ll dive into the cryptography details to see what implications a little mathematical oversight has for the security of the whole protocol.