Discovery of a reflective XSS vulnerability in ARP Guard software (CVE-2023-39575)
Introduction: We recently executed an internal security assessment for a customer. During this engagement we discovered a vulnerability in the ARP Guard software. This vulnerability allowed us to inject HTML or JavaScript code into the application’s pages using a manipulated URL parameter, even without prior authentication. …
(Pentest, 3 min read)

Sep 9 - Implementing accessed_at for ActiveStorage Blob / Attachment in Ruby on Rails
Ruby on Rails (RoR) is a powerful web application framework known for its simplicity and productivity. In this technical blog post, we’ll explore how to enhance your RoR application by adding an accessed_at column to ActiveStorage Blobs and customizing the ActiveStorage::Blobs::RedirectController. …
(Ruby, 4 min read)

Jul 26 - Uptime and Network Monitoring While Pentesting: Ensuring Service Continuity and Early Detection
In the realm of penetration testing, it is essential to maintain an overview of the target environment while conducting simulated attacks. Ensuring that critical services of the client remain unaffected during the testing process is crucial for a successful and comprehensive assessment. Network monitoring, specifically uptime monitoring, plays a pivotal…
(Pentest, 3 min read)

Jun 5 - A short white box code audit of avo
We conducted a two-day penetration test on the product “Avo”, which is a Ruby / Ruby on Rails gem for building administrative interfaces. Since greenhats®, our platform, uses this software in some production environments, internal policy requires a small pentest / white-box code audit…
(Pentest, 2 min read)

Oct 13, 2022 - Defeat LAPS with NTLMv1-Relay
In our internal pentests, relay attacks that use the NTLMv1 protocol are (unfortunately) still successful. Many older systems cannot be migrated to better methods such as Kerberos, so a large number of attacks against NTLMv1 remain possible. The two most common attacks are explained in the following blog entry…
(Ldap, 3 min read)

Oct 19, 2021 - LDAP Monitor: live monitoring of changes to LDAP objects
This is once again a classic example of so-called “dual use software”. In our day-to-day pentest work we increasingly use the LDAP-Monitor software, which is freely available on Github. It lets you observe changes to LDAP objects such as computer or user accounts, or monitor them selectively. The information gained from this, for example when…
(Ldap, 1 min read)

Jul 1, 2021 - Disable advanced EDR solutions by abusing Microsoft signed kernel driver
In our daily research we discovered an awesome project on Github that focuses on killing protected processes, especially modern anti-malware solutions: https://github.com/Yaxser/Backstab | Yasser Alhazmi (@Yas_o_h). We tested the tool successfully against the latest and fully updated Cortex XDR Agent, which uses “cyserver.exe” as its main process. Terminating a…
(Edr, 2 min read)

Apr 6, 2021 - The phone number and relationship status of the pretty girl next door are now available from us…
Back in 2019, the private profile data of 533 million Facebook users was stolen by hackers through a vulnerability in the social network and offered for sale on well-known darknet sites. Since 03.04.2021 the data has been freely available for download in a well-known deep web forum. Although not all Facebook users are affected…
(Facebook, 2 min read)

Nov 29, 2020 - TryHackMe - envizon
As the creator of the room, we want to publish a clean, complete and intended write-up for the community, to share a bit of knowledge about white-box testing. The machine is deployed in our network testing environment, so the IP address differs from the one in the THM environment. Initial discovery: First things first…
(Tryhackme, 6 min read)

Nov 16, 2020 - Pentest-Story: Empirum password decryption
During our internal pentests we often came across the client management software Empirum from Matrix42. On closer inspection of various configuration files, some .ini files located under the Configurator share were particularly noticeable. These contain several encrypted strings. Their length and the character set used indicate different algorithms…
(Empirum, 2 min read)