Releases

advisories


CodiMD Unauthorised Image Access

This advisory details a missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. Due to the insecure random filename generation functionality in the underlying Formidable library, filenames for uploaded images could be determined and the likelihood of this issue being exploited was increased.


Slack Web Hook Message Injection Advisory

Slack integrations such as webhook APIs are often used to alert internal teams to user actions. A vulnerability was noted when user-supplied data containing a large amount of white space was included in a request to the Slack webhook API. By including enough white space in this data, the messages would be split and truncated. As a result, the malicious payload after the white space would appear as a standalone message from the Slack bot. An attacker could exploit this to forge messages containing Slack message markup to perform social engineering and other attacks if an integration, such as a website or other software, included unvalidated user input in the message to the Slack webhook.


Bypassing USBGuard on Linux

Configuring USBGuard without explicitly specifying vendor and product IDs allows an attacker to bypass some USB authorisation policies on Linux. A device may claim to belong to one USB class (e.g. say it’s a keyboard) but actually act as a network adapter, mass storage or another more exotic device. The GNOME desktop’s USB protection policies are vulnerable by default.


articles


Stealing Browser Sessions with DevTools

Stealing an authenticated browser session after compromising a user’s workstation usually means reaching for tools like mimikatz or poking around in DPAPI and monitored browser files, activities that risk triggering EDR. This article demonstrates a quieter alternative: cloning a live browser session to another device using nothing but the browser’s built-in DevTools. No elevated privileges, no third-party tools, no touching disk or memory.


Timeboxed Penetration Testing - Pulse Security’s Approach

Penetration testing cost is directly correlated to how long an engagement takes to complete. Sometimes the target system or organisation is so vast that a review that achieves what we’d consider “complete” coverage is prohibitively expensive. This article discusses how Pulse Security tackles timeboxed testing engagements. We’ll discuss the problem, how testing is prioritised in an engagement with reduced time-frames, the importance of transparency between penetration testers and clients, and what you can expect from a timeboxed engagement.


Harvesting Intune Device Scripts Without Tools

Intune device scripts are bits of PowerShell that run on Intune-managed devices. Much like Group Policy Objects in traditional Active Directory, these scripts can contain juicy information like secrets, privilege escalation paths, and more. The only problem is Microsoft doesn’t let you get them back out via the Intune portal, and I don’t always want to set up a whole PowerShell environment. Let’s get them back out with just a web browser and curl.