20

Exploiting MS17-010 – Using EternalBlue and DoublePulsar to gain a remote Meterpreter shell

Findings so far… Findings from using these tools are the following so far No domain is needed for the tools to work. An active user session is also not needed. Fuzzbunch setup Firstly we need to setup our environment for… Continue Reading

1

Exploiting the OpenNMS/Jenkins RMI Java Deserialization Vulnerability

Even though this vulnerability was detected back in 2015 I am only starting to notice it popping up on engagements more frequently. CVE-2015-8103 – Jenkins CLI – RMI Java Deserialization allows remote attackers to execute arbitrary code via a crafted… Continue Reading

42

RTLSDR – Up and running in Mac OSX Yosemite with GQRX & GNURadio

A while back I bought an RTL2832u device from ebay for a very small amount and was blown away by how this piece of kit performed. Under linux and windows it worked beautifully, I then purchased a new MacBook Pro… Continue Reading