In this era of extreme automation, whether for development, programming, deployment or even security management, are we getting closer to security maturity, or are we better off without the automation? In the next posts, I hope to uncover some of the tools and applications employed in enterprises geared towards automation and better security but end up...

SAMBAry save us!!

Remember Linux users laughing at Windows users because of the now all too famous WannaCry? Karma. According to Samba, "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and...

Penetration testing SharePoint

Like any normal web application, SharePoint may fall prey to OWASP Top 10 vulnerabilities, with a special focus on XSS, mostly due to inadequate patching and misconfiguration. In this post, we focus on recon, i.e. what SharePoint is exposing. Google Dorks FTW!: Some Google dorks to help you find SharePoint installations exposed to the web...

Word Heist!

So, I stumbled upon an interesting script. Over the years, I have been using various tools and scripts to do spear phishing, with the many vulnerabilities in the Microsoft Office suite and Adobe PDF Reader being enablers, and the ability to embed macros being an even bigger enabler. But things have changed and users are now keen...

Do you know what your ERP is telling us?

Interesting engagement I had a few weeks ago: a client wanted assurance on their ERP, Oracle E-Business Suite, to be specific. I spent a few weeks just to formulate an efficient strategy and be able to cover most controls from an insider threat perspective and an external authenticated attacker angle. For this post, I...

Lateral movement... Part I

Scenario: you are a normal user in your company's domain. No admin privileges. Nothing. You can't even install a program on your machine. What if I told you that you can be the local administrator on your machine, and probably on MANY more in your organization? I am not able to count the number of...
