Penetration Testing Lab Whether you have a fully virtual organisation consisting of several different machines or the odd virtualised box you’re using to explore or freshen up on certain skills. They’re great fun and an asset to any security tester. Having your own lab is a great way to perform […]
About: osiris
Posts by osiris:
Wardriving with Kismet, GPS and Google Earth.
Reporting SSL/TLS Issues the Easy Way with YANP
Quick Guide to Installing Bloodhound in Kali-Rolling
Exploiting MS17-010 – Using EternalBlue and DoublePulsar to gain a remote Meterpreter shell
[su_heading align=”left”]This walk through assumes you know a thing or two and won’t go into major detail. After all it’s meant for fellow researchers and penetration testers.[/su_heading] Findings so far… Findings from using these tools are the following so far [su_note]The default process that Doublepulsar injects into is ‘lsass’ It […]
Exploiting the OpenNMS/Jenkins RMI Java Deserialization Vulnerability
Even though this vulnerability was detected back in 2015 I am only starting to notice it popping up on engagements more frequently. CVE-2015-8103 – Jenkins CLI – RMI Java Deserialization allows remote attackers to execute arbitrary code via a crafted serialized Java object. Apparently, according to Foxglove security Jenkins and […]