Posts

AnyConnect Inter-Process Communication

In my first deep dive into the Cisco AnyConnect (CAC) Secure Mobility Client (see AnyConnect Elevation of Privileges Part 1 and Part 2), I reverse engineered how CAC makes use of a TCP based Inter-Process Communication (IPC) protocol. Based on that research, I found a Local Privilege Escalation (LPE) vulnerability (see CVE-2016-9192 and the proof-of-concept code). Yorick Koster and Antoine Goichot followed suit and, building on that research, found further vulnerabilities (see CVE-2020-3153, CVE-2020-3433, CVE-2020-3434, and CVE-2020-3435). This post presents the results of my second deep dive: it corrects a wrong conclusion about the protocol, reverse engineers the various IPC messages further, and provides some tools that can aid further research.

Freedom and Solitude

The freedom of not having to account for someone else's needs, wants and feelings, has the cost of solitude.

Image via Pexels @ Pixabay

Raspberry Pi Custom Fedora Kernel

Over the years I have gotten very used to Red Hat Enterprise Linux (RHEL) type distributions, and for a long time now Fedora has been my default go-to Linux distribution. However, I needed a specific driver that ships out of the box with Raspbian (Raspberry Pi's Debian based distribution) but is not included in Fedora. This post explains how to compile a custom kernel on a Pi running Fedora.

e-GPU Plus Bracket

Razer Core X Chroma is an excellent device, but its functionalities didn’t fully cover my use case. As such, I decided to add a bracket and a PCI-e extender to the mix.

Bypass All The GPOs

During a red team engagement, one has landed on a machine and needs to make an application "ignore" configuration enforced through Group Policy. The application runs in the context of the user, but its settings can only be changed with administrative privileges. Without access to a highly privileged account, how can one make the application ignore these settings?

Simulating APTs For Fun

In this post I will explain how one could simulate an Advanced Persistent Threat (APT) using Praetorian's Purple Team Attack Automation and MITRE's ATT&CK framework.

It's Me, FireEye!

A little over three years ago, while researching malware execution sandboxes, I found a stealthy way to detect FireEye's Malware Analysis System (MAS). In this blog post I release the details.

Three Honeypots and a Month After

I deployed three web honeypots: one in Singapore, one in Australia and one in France. I then leveraged IVRE and Suricata to investigate the visitors and the traffic they generated.

Frontdoor to the Technicolor 7210

In a previous article, I explained how to get root on the embedded Linux part of the Technicolor 7210 router by leveraging a remote code execution (RCE) vulnerability. This article, on the other hand, explains how one can leverage a "frontdoor" to gain the same level of access.

Reversing the TC7210 Embedded Linux Firmware

In this article I explain how to reverse the firmware of the embedded Linux part of the Technicolor (TC) 7210 router using the usual tools of the trade.
