{ bit.therapy }


RCE with Arbitrary File Write and XSS in Reprise License Manager (CVE-2018-15573, CVE-2018-15574)

CVE-2018-15573: Arbitrary File Write in Reprise License Manager
CVE-2018-15574: XSS in Reprise License Manager
TW-2018-006: Unpatched Remote Code Execution and XSS in Reprise License Manager

During a recent engagement, I came

Adrian
Malware

Malicious Document Analysis – Macro to Shellcode

I came across an interesting Word document which at first glance definitely looked malicious. It had everything from random variable names to lyrics from Garbage - Run Baby Run in the comments. It

Adrian
Malware

Analyzing Obfuscated SWFs

A few days ago I was alerted of a host communicating with a (bad) domain and downloading SWF files. There was some concern that there was malware beaconing out and I needed to

Adrian
Reverse Engineering

IceCTF: Analyzing PCAPs and Reversing Encryption

IceCTF started a little while ago and we got a team together to try and grab some of these flags. If you're doing the challenges right now... well, spoiler alert. One of

Adrian
Malware

A Look at Zepto Ransomware - Payload Delivery Analysis

It's another quiet Friday when we are alerted of a bunch of files with the .zepto extension being created all over the place. It seems that a Zepto sample that worked its way through

Adrian
Malware Analysis

Walking Through Angler Exploit Kit - Payload Delivery Analysis

A few days ago I was alerted of a potentially compromised website serving Angler EK: hxxp://www.stadiumseatingcharts.com/rogers-centre/

The Angler exploit kit will redirect the client to a separate compromised server

Adrian

A Trick to Bypass an XSS Filter and Execute JavaScript

I've recently come across an application which had a very simple XSS filter. If the input contained the following chars, the application would throw an error: ( ) < >

Simple, but annoying. I found

Adrian

An Encounter with Dridex - Malicious Document Analysis

Got my hands on a Dridex sample (SKM_C3350160212101601.docm) the other day and I wanted to figure out exactly how it managed to slip by our controls. The binary dropped did get

Adrian
TLS

Changing the DirectAccess and Web Application Proxy external certificate

In my lab I have a gateway server that is responsible for both DirectAccess and RD Gateway operations. Since I only have one external IP, I sit behind a NAT (or two). In

Adrian
Linux

Out-of-memory Micro Instance Woes: setsebool Killed

The other day I deployed a micro CentOS instance in Google Cloud's Compute Engine. Normally 600 MB of RAM is more than enough to do some light nginx/node.js work for me, but

Adrian
Netflix

Creating Your Own US Netflix Proxy with Google Cloud

Say you wanted to create your own Unblock-Us or Tunlr service... maybe for educational purposes or maybe because Netflix is starting to block access from VPN providers used by people for region-restriction bypass.

Adrian
PowerShell

Transfer Files To and From Sandboxed Guest on Hyper-V

One of the things I missed after switching from VMware to Hyper-V is the ability to copy-paste files from host to guest via the interface. The workaround for Hyper-V (at this time) is

Adrian
Security

Making gdb More Useful For Reversing

Unless you're using something like DDD or Gdbinit, gdb vanilla is pretty hard to work with when reversing binaries. The following is a bunch of display commands that gdb will execute after every

Adrian
OSD

CMTrace in WinPE

CMTrace is a great tool for troubleshooting deployment issues from within WinPE, no doubt about that. It makes errors and warnings clearly visible in thousands of lines of markup logs. Adding CMTrace.exe

Adrian
Infrastructure

SETroubleshoot Email Notification on SELinux Denial

I've recently installed setroubleshoot-server on my RHEL6 server to help diagnose various SELinux denials as I attempt to secure the box. SETroubleshoot also has an email notification system that is really easy to

Adrian
Security

SELinux’s setroubleshoot Install on a RHEL6 Server

I am planning on using RHEL6 as a web server, primarily for my Mercurial/GIT repositories. This was to replace my current Fedora13 instance. After the initial minimal install, there were a couple

Adrian
Infrastructure

Identify and block malicious HTTP traffic with IPtables

So I was looking through my httpd access_log files and this popped up every couple of days:

93.157.0.142 - - [14/Dec/2010:16:01:19 -0500] "GET

Adrian
Development

Force Google Chrome Incognito Mode on Startup

Much like its competitors, Chrome allows an Incognito mode which will discard any browser data after the session ends. This is great however there is no way (that I could find) to tell

Adrian
Development

Drive Backup Over SSH With GZip Compression

If you've worked hard to configure your Linux machine and can't afford to lose it, try creating an image of it using dd periodically. It wouldn't make much sense to store the image

Adrian
Development

Batch file rename with PowerShell and Regular Expressions

There have been a few times in the past where I've had to rename a large number of files for various reasons (i.e. remove a common piece of text from the name) and

Adrian
Infrastructure

SCCM upstream and downstream SUPs fail SSL/TLS negotiation

I have two SCCM SUP systems, one is the top and the other is downstream. The SCCM infrastructure is operating in Native Mode and all WSUS synchronizations and configurations happen over HTTPS. The

Adrian
Perl

Search Keyword Highlighting with Perl

Here's how to break down a search string into uniq keywords and highlight them using HTML:

# user input
my $search_string = "I really really need this";
# highlighting, get the s _uniq_

Adrian
{ bit.therapy } © 2019