What's old is new again. Use Windows Shortcuts on clients that have scripting disabled.
The Oracle OPERA (MICROS OPERA, pre-acquisition) Hotel Management System is widely used across a number of the big hotel chains. This beautifully done write-up has all the juicy details on getting RCE as well as extracting and decrypting stored payment cards.
A walkthrough on obtaining and using Kerberos Golden Tickets in Kali, for when you don’t have Cobalt Strike handy.
FireWire and its DMA support strike again. First seen at DEF CON 24, the GitHub with code and a hardware shopping list is up. Apple has issued a macOS update to address the FileVault-specific issues in some models, but it still remains a robust memory theft attack against both Macs and PCs when you have physical…
The folks over at Somerset Recon have published the second half of their look into Securam Bluetooth-enabled locks. The first part is a great teardown, and the second is the inevitable fully automated remote attack. Despite being targeted at the commercial market, the Prologic B01 lacks basic encryption. A quick Google search shows a…
guest post on a one-byte overflow in a local HTTP proxy running as part of the Chrome OS base image. What makes this interesting from a Red Team perspective is further down in the post: an interesting workaround for verified boot. This allows for persistence to be maintained, similar to the previous work by geohot.