Author: Alexey Tyurin

Struts2 DevMode RCE with Metasploit module

Struts2 is a very powerful and popular Java framework. It is widespread, used in many large and smaller enterprise applications. This summer a critical vulnerability was found in Struts2: an OGNL injection leading to RCE. It is simple, requires no authentication, and works against almost all versions (except the latest one).
Read more..

I can find your internal ERP system

The first step of any attack is to collect information about the target. Everybody knows that. One of the most important resources is Google (or another search engine) and Google dorking (Google hacking). You can find a lot of interesting information there, especially if your target is a big organization. The engine's spiders crawl the many, many sites of the Internet, and we can dive into the information they have collected for us.
Read more..

SMBRelay Bible 7: SSRF + Java + Windows = Love

SSRF attacks are becoming well known and have received a lot of attention this year. Our company has performed some research in this area and obtained some interesting results, with nuances that can be used to build good attack vectors. I'll show you one of them.
Read more..

SSRF via WS-Addressing

Many people still think that SSRF is only about XXE vulnerabilities, but, as I have already presented at the POC conference, there are plenty of places in XML-based protocols (the WS-* family, XBRL, BPEL, etc.) and in business applications where we can put a link to another resource.
For example, WS-Addressing.
Read more..
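The teaser above says only that WS-Addressing lets a client hand the service a link to another resource. The following is an added example (not code from the original post): a server-side check that pulls the WS-Addressing endpoint references (wsa:To, wsa:ReplyTo, wsa:FaultTo, wsa:From) out of a SOAP envelope and flags any address that is not the WS-Addressing anonymous URI or a host on an allowlist. The envelope, the allowlist and the hostname api.example.com are constructed for the demonstration; the element names come from the WS-Addressing 1.0 namespace.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# WS-Addressing 1.0 and SOAP 1.2 namespaces.
WSA_NS = "http://www.w3.org/2005/08/addressing"
SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"

# The anonymous address means "reply on the same connection"; it never
# makes the server open a new outbound connection, so it is safe.
WSA_ANONYMOUS = WSA_NS + "/anonymous"

# Hypothetical allowlist of hosts the service may call back to.
ALLOWED_HOSTS = {"api.example.com"}

# Constructed sample request: ReplyTo points at an internal address,
# which is exactly the SSRF vector a crafted request would carry.
SAMPLE_ENVELOPE = f"""<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsa="{WSA_NS}">
  <soap:Header>
    <wsa:To>http://api.example.com/service</wsa:To>
    <wsa:Action>http://api.example.com/service/GetReport</wsa:Action>
    <wsa:ReplyTo>
      <wsa:Address>http://10.0.0.5:8080/admin</wsa:Address>
    </wsa:ReplyTo>
    <wsa:FaultTo>
      <wsa:Address>{WSA_ANONYMOUS}</wsa:Address>
    </wsa:FaultTo>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def extract_wsa_addresses(xml_text):
    """Return [(header_name, address)] for every WS-Addressing header
    that can make the service contact another resource."""
    # ElementTree's expat backend does not fetch external DTDs/entities,
    # so parsing the envelope here cannot itself trigger XXE/SSRF.
    root = ET.fromstring(xml_text)
    found = []
    header = root.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        return found
    # wsa:To carries the URI directly; the endpoint references wrap it
    # in a wsa:Address child.
    to = header.find(f"{{{WSA_NS}}}To")
    if to is not None and to.text:
        found.append(("To", to.text.strip()))
    for name in ("ReplyTo", "FaultTo", "From"):
        for epr in header.findall(f"{{{WSA_NS}}}{name}"):
            addr = epr.find(f"{{{WSA_NS}}}Address")
            if addr is not None and addr.text:
                found.append((name, addr.text.strip()))
    return found


def is_allowed_address(address):
    """Accept only the anonymous URI or http(s) URLs whose host is on the
    allowlist. Bare IP literals, other schemes and unknown hosts are all
    rejected, so a host-based allowlist cannot be bypassed via 10.x, 127.x
    or file://-style addresses."""
    if address == WSA_ANONYMOUS:
        return True
    parsed = urlparse(address)
    if parsed.scheme not in ("http", "https"):
        return False
    host = parsed.hostname
    if host is None:
        return False
    return host.lower() in ALLOWED_HOSTS


def audit_envelope(xml_text):
    """Return {header_name: (address, allowed)} for the envelope."""
    return {name: (addr, is_allowed_address(addr))
            for name, addr in extract_wsa_addresses(xml_text)}


def rejected_headers(xml_text):
    """Names of headers that must cause the request to be refused."""
    return sorted(name for name, (_, ok) in audit_envelope(xml_text).items()
                  if not ok)


if __name__ == "__main__":
    for name, (addr, ok) in audit_envelope(SAMPLE_ENVELOPE).items():
        print(f"{name:8} {'allow' if ok else 'REJECT'}  {addr}")
```

A service that honours wsa:ReplyTo or wsa:FaultTo should run a check like this before dispatching the request; rejecting the whole message on the first disallowed header is simpler and safer than silently dropping the offending endpoint.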

Universal way to bypass Group Policy by Limited User

What is it? Group Policy is a powerful feature of Windows. From Wikipedia: "Group Policy is a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment."
Read more..

SMBRelay Bible 6: SMBRelay attacks on corporate users part 2

Let's continue our talk about variants of client-side attacks and turn our attention to MS Office documents. As described in the previous blog post, we can create a crafted Office document and send it to users (via e-mail, for example). When a user opens it, the Office application tries to connect to our server and hands us the user's credentials.
Read more..