During the security assessments, one of the things that we always check is the possibility to extract information outside of the client network. This includes the ability to copy data to external drivers, send them via e-mail to external e-mail addresses, use various TCP/UDP ports, non-typical protocols or even side channels. In mature environments, special […]
In this article, I will write about a service misconfiguration that I’ve found within the Rockstar Games Launcher (https://socialclub.rockstargames.com/rockstar-games-launcher). The issue is already fixed by the vendor and I was granted a bounty for its discovery and coordinated disclosure. The interesting trivia about it is that the component was not initially included in the scope […]
This article covers a vulnerability discovered in GOG Galaxy, which may result in Local Privilege Escalation due to a lack of authorization of commands sent via a local TCP connection. The attacker may exploit this vulnerability to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. Background I’ve recently started looking at […]
CQLabs – Offline Attacks on Active Directory Introduction This lab will guide you through some of the most interesting features of the DSInternals PowerShell Module, which was featured at Black Hat Europe 2019 and is also included in FireEye’s Commando VM. This open-source toolset exposes many internal and undocumented security-related features of Active Directory (AD), […]
Antivirus software usually uses malware signatures, behavioral detection or heuristic detection to block malware. All these methods may be insufficient in case of APT (Advanced Persistent Threat) attacks prepared specifically for the victim or attacks exploiting 0day vulnerabilities in software, that were never seen before. Exploit Guard: Exploit Protection and Exploit Guard: Attack Surface Reduction […]
Previously on CQLabs This article is a continuation of a previous one, called #CQLabs 5 – DSInternals PowerShell Module. Introduction One of the lesser known features of Active Directory (AD) is called Credential Roaming. When enabled, it synchronizes DPAPI Master Keys, user certificates (including the corresponding private keys) and even saved passwords between computers. We […]
In this article, we will analyze a couple of knowns, still working, UAC bypasses – how they work, what are the requirements, and potential mitigation techniques. Before we dive into this, we need to briefly explain what UAC is. What is UAC The acronym UAC stands for User Account Control, a part of the […]
Do you want to receive the geekiest cybersecurity solutions, tools, and tricks, straight to your inbox?
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
