Dependency Confusion: An exploitation overview

Dependency confusion attack overview cover

This post provides an overview of Dependency Confusion attacks and explains how they can be exploited in the wild, with examples using NPM packages and tips to prevent these vulnerabilities from occurring.

Attack of the clones 2: Git CLI remote code execution strikes back

Introduction This post is the second part of the story of a vulnerability that could be leveraged as a supply chain attack and used to hack millions of software developers around the world. We will describe all details about CVE-2020-26233, a vulnerability affecting all versions below 2.0.280 of Git Credential Manager Core in Github CLI […]

Attack of the clones: Git clients remote code execution

Introduction This post is a rather unusual story of a vulnerability that could be leveraged as a supply chain attack and used to attack millions of software developers around the world. It is also a tale of a bug collision that paid a bounty to one reporter and assigned the CVE to another! The main […]

Dissecting Ragnar Locker: The Case Of EDP

Introduction On April 13th 2020, news broke out in Portuguese media [1] that Energias de Portugal (EDP), the Portuguese multinational energy giant and one of the largest European operators in the energy & wind sectors, had been hit by a highly targeted ransomware attack (later identified as Ragnar Locker [2]), amid COVID-19 pandemic, while the […]

Security advisory: Mattermost Mobile for iOS v1.31.0 Authentication Token Leakage and Account Takeover

Advisory information Title: Mattermost Mobile for iOS Authentication Token Leakage and Account Takeover Advisory reference: BLAZE-05-2020 Product: Mattermost Mobile Client for iOS v1.31.0 (Build 293) CVE reference: CVE-2020-13891 Vendor reference: MMSA-2020-0022 Disclosure mode: Coordinated disclosure Product Description Mattermost is a flexible, open-source messaging platform that enables secure team collaboration. The product is used in several […]