Posted in Uncategorized

How spending our Saturday hacking earned us 20k

Note: I have personally archived this amazing article due to the fact that the original is no longer available. How spending our Saturday hacking earned…

Continue Reading?
Posted in Exploits Penetration Testing Web Application

ATutor 2.2.4 ‘language_import’ Arbitrary File Upload / RCE (CVE-2019-12169)

This proof of concept is demonstrating a vulnerability in ‘/mods/_core/languages/language_import.php’ that can be used to get remote code execution. The code can be modified to…

Continue Reading?
Posted in Exploits Web Application

eLabFTW 1.8.5 ‘EntityController’ Arbitrary File Upload / RCE (CVE-2019-12185)

I was doing some research last night and I discovered a vulnerability in eLabFTW 1.8.5. So I went ahead and coded a proof of concept…

Continue Reading?
Posted in Exploits Web Application

ATutor 2.2.4 ‘Backup’ Remote Command Execution (CVE-2019-12170)

ATutor-Instructor-Backup-Exploit Exploit Title: ATutor 2.2.4 ‘Backup’ Remote Command Execution Google Dork: inurl:/ATutor/login.php Date: 5/13/2019 Exploit Author: Joseph McPeters Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version:…

Continue Reading?
Posted in Computing Security

Windows NTFS File System

In order to improve performance, reliability, and support large disk volumes, Microsoft developed NTFS file system for Windows NT in the early ’90s. NTFS is…

Continue Reading?
Posted in Computing Security

Encase for FAT Demo

EnCase Forensic is a fantastic tool for forensic analysis. In this demo, I only want to show you how do we use EnCase to visually…

Continue Reading?
Posted in Computing Security

Windows FAT File Systems

After acquiring and preserving the pertinent evidence, we move onto analyzing Windows images. As mentioned earlier, forensic analysis tools usually bypass operating systems normal operations…

Continue Reading?
Posted in Computing Security

Security Analytics Toolbox and an Example

Before you jump right into data-driven security analytics, it is important to ensure you at least have a basic familiarity with the two most prominent…

Continue Reading?
Posted in Computing Security

Common Descriptive Analytics for Security Data 4: Correlation and Regression Analysis

Understanding the explicit relationship between attributes helps analysts uncover hidden patterns in data. Correlation analysis is a method of statistical evaluation used to study the…

Continue Reading?
Posted in Computing Security

Common Descriptive Analytics for Security Data 3: Quartile Analysis

Similar to Cross-Sectional Analysis, both require the analyst to select a collection of attributes to examine Then identify a suitable grouping and aggregation strategy. Finally,…

Continue Reading?