Noot - Encrypted resumable ICMP exfiltration
Noot: a pair of PowerShell scripts for transferring files using ICMP (ping). Complete with encryption, partial transfer resume, and big (1GB+) file support.
Pulse Security is a specialist information security consultancy.
We're here to help your business stay protected from adversaries.
We specialise in finding vulnerabilities and ensuring your systems are operating safely. Find your vulnerabilities before your adversaries.
Our focus is a collaborative and research-based approach to truly understand your vulnerabilities.
We're focused on offensive security, and our internal research program is dedicated to advancing the state-of-the-art.
All engagements follow our comprehensive technical methodologies and quality assurance process.
Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.
Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.
For when things go wrong, our experienced and qualified team will help with getting you back on track.
Noot: a pair of PowerShell scripts for transferring files using ICMP (ping). Complete with encryption, partial transfer resume, and big (1GB+) file support.
This article is going to look at patching Golang code at the assembly level to modify some behaviour in the net/http standard library. The Golang maintainers aren’t super interested in changing this bit of behavior, so lets fix it ourselves!
Slack integrations such as webhook APIs are often used to alert on user actions to internal teams. A vulnerability was noted when user supplied data containing a large amount of white space was included in a request to the Slack webhook API. By including enough white space in this data, the messages would be split and truncated. As a result, the malicious payload after the whitespace would appear as a standalone message from the Slack bot. An attacker could exploit this to forge messages containing Slack message markup to perform social engineering and other attacks if an integration, such as a website or other software, included unvalidated user input in the message to the Slack webhook.
How can we help?
+64 4 889 4756
info at pulsesecurity.co.nz