Tarlogic's Blog - Cybersecurity - Page 10

Cybersecurity articles with security analysis and ethical hacking techniques

Exploiting Word: CVE-2017-11826

Coinciding with the start of an APT simulation engagement in the Red Team, Microsoft issued a patch fixing some vulnerabilities (CVE-2017-11826) affecting MS Office[...]

Fuzzing Tales 0x01: Yadifa DNS

[...]

Vulnerabilities in Televes COAXDATA GATEWAY – CVE-2017-6532

=============================== – Advisory – =============================== Title: Televes COAXDATA GATEWAY 1Gbps – Priv Escalation Risk: High Date: 19.Jul.2017 [...]

Protections against network privilege escalation

Applying perimeter security controls at each layer of an infrastructure, together with system hardening measures, limits an intruder's lateral movement in the netw[...]

Kerberos tickets: Comprehension and exploitation

The main aim of this post is to explain the most common attacks that can be carried out in a security audit or pentest of the Kerberos protocol used in Microsoft Active Directory domai[...]

AeroAdmin 4.1 Vulnerability – CVE-2017-8893 CVE-2017-8894

Tarlogic Advisory: Tarlogic-2017-001 Title: Multiple vulnerabilities found in AeroAdmin 4.1 software. Discovered by: Juan Manuel Fernandez (@TheXC3LL) CWE-ID: CWE-119 Improper Rest[...]

Same-Site cookies against CSRF attacks analysis

CSRF vulnerabilities: Cross-site request forgery (CSRF) vulnerabilities are extremely common in web applications. Although they have been known for a long time, we are used to finding t[...]

How PHP Object Injection works

PHP Object Injection enables arbitrary manipulation of the content of an object that will be unserialized with the PHP unserialize() function. This kind of web application vulnerabi[...]

What are “Watering Hole Attacks”?

[...]
