AD CS: from ManageCA to RCE
Introduction In our previous article, we covered an engagement where it was necessary to execute the ESC7 attack to esca[...]
BlackArrow's Blog
Red team & Threat hunting Blog
AD CS: weaponizing the ESC7 attack
Introduction to AD CS ESC7 Last year, SpecterOps published an in-depth research about the security state in Active Dir[...]
Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic
Introduction During a recent Red Team scenario got local admin privileges on a workstation where an EDR solution was ide[...]
From N-day exploit to Kerberos EoP in Linux environments
Introduction In one of its operations, the Red Team achieved command execution in a perimeter web page as a non-privileg[...]
Hindering Threat Hunting, a tale of evasion in a restricted environment
It is both common and important for the development of a Red Teaming service to obtain information about the technologie[...]
Attackers Abuse MobileIron’s RCE to deliver Kaiten
In September this year the security researcher Orange Tsai published various vulnerabilities and P0Cs related to the Mob[...]
Analyzing an RFID scanner: bad habits never die
More than a year ago, BlackArrow’s Red Team conducted a security analysis of an RFID scanner used by one of its cu[...]
Ragnarok Stopper: development of a vaccine
The field of reverse engineering and specifically malware analysis within the Compromise Assessment process is of vital [...]
A deep dive into disable_functions bypasses and PHP exploitation
When performing a penetration test, or a Red Team operation, multiple tools (webshells, proxysocks to tunnel TCP traffic[...]