Security Risk Advisors

Category: Red Teams

New Vulnerability, Same Old Tomcat: CVE-2017-12617

October 16, 2017 | Posted in Red Teams by Chris Myers

Tomcat has been a staple target for penetration testers and malicious actors for years. With ample opportunities to exploit security misconfigurations in the management GUI (tomcat:tomcat….) or technical vulnerabilities, it’s no wonder attackers cont…

Peripheral Pwnage: Mousejacking 2.4 Ghz Input Devices

August 31, 2017 | Posted in Red Teams by Jonathan Renard

Hostile Airwaves

On internal engagements, poisoning name resolution requests on the local network (à la Responder) is one of the tried and true methods of obtaining that coveted set of initial Domain credentials. While this approach has worked on man…

The Macro Evolution: Bypassing Gmail’s Virus Filter and Reliably Establishing C2 Channels with Office Macros

August 10, 2017 | Posted in Red Teams by Barrett Adams

Background

During an email phishing engagement, one of the attacks we typically use is a malicious Microsoft Office macro. For the unfamiliar, macros are bits of code embedded in Office documents. T…

A Smaller, Better JSP Web Shell

July 25, 2017 | Posted in Red Teams by Barrett Adams

Background

In recent external pen tests, we have come across several Apache Struts instances that are vulnerable to a remote code execution (RCE) vulnerability. Our usual procedure for any RCE vulnerability that we are going to exploit is to upload a …

Strutting Your Stuff - Identifying Outdated and Vulnerable Apache Struts in Your Linux Environment

April 13, 2017 | Posted in Red Teams by Garrett Fails

What is Apache Struts?

Apache Struts (Struts) is an open-source framework used to create Java web applications. The great thing about Struts is that it allows developers to build powerful web applications using a well-established, portable language. …