Vulnerabilities

Objective Local Privilege escalation on the victim host via snapd Summary A security researcher Chris Moberly discovered a Linux Privilege Escalation vulnerability in January 2019 but was release mid-February. The vulnerability affects version 2.28 through 2.37 of snapd a universal package management system created by Canonical. Snap packages contain...

Summary How Microsoft Word can be potentially dangerous on phishing scenario. Objective To exploit Microsoft Word Macro functionality to return a shell to a remote machine (attacker). Lets look at Microsoft Word and effectively the Macro functionality can be taken to our advantage in phishing scenario.  This attack is...

Summary How a simple Dynamic Data Exchange (DDE) can be vicious and leave users open to attack! Objective To exploit Excel's DDE functionality to return a shell to a remote machine (attacker). This week I wished to demonstrate how using the standard functionality in excel, it would be possible...