Execute Shellcode, Bypassing Anti-Virus | InteliSecure

Hello, I am going to demonstrate a little trick to allow you to bypass anti-virus and execute shellcode. This is a publicly known trick that I did not discover. The shellcode I am going to use for this example is the common Metasploit Windows Bind TCP shell; however, any shellcode can be used, and I have simply chosen this one for simplicity. As I’m sure you’re all aware, the standard Metasploit…

ATM In-Security in 2013 | ATM Security Flaws & Vulnerabilities

Introduction: With the recent SecTor security conference in Toronto, Canada, once again ATM security flaws have risen to the top of the agenda. ATM flaws have become wide-stream knowledge since Barnaby Jack showed off his ‘Jackpotting’ attack. ATM flaws have once again become a hot topic since the late Barnaby’s demise two weeks prior to this year’s Blackhat conference (USA 2013), where he was going to present about Pacemaker flaws. Barnaby…

New WiFi Pineapple; From Britain with Love!

Introduction: Since approximately around the time of our posting Blue for the Pineapple (6 months ago), the Hak5 Pineapple Team have disappeared underground to produce the new Mark 5 Pineapple, a customised board that is cheaper to produce and more easily affordable. The Mark 5 has 2x WiFi cards (Atheros 9331 & RTL8187 (famously known as an Alfa)), with SMA connectors. Twice the RAM & ROM (16MB & 64MB), with the…

Vulnerability Development: Buffer Overflows: RET Overwrite…

Hello all, my name is Mike Evans and I’m a security consultant here at Pentura. The other day I was asked by a certain Spanish someone if I could contribute to the blog ;-). At first I wasn’t too sure what to write about; however, after a while I decided to write about Vulnerability Development, as this is an area of research I am very passionate about. Now this is…

TRACE, OPTIONS and others HTTP Verbs | InteliSecure

Hi!! Another post here after some time… I’m really busy at work right now, but I also need these small breaks to carry out my own testing and share a bit of what we learn here at Pentura. I want to write today about the TRACE, OPTIONS and other HTTP verbs. Sometimes in reports we can see that they discovered the TRACE verb active in our server. How they…

HOWTO: Metasploit Java Applet Attack

Using a recent Java exploit released by Nathan Keltner of The Metasploit Project, Pentura Labs are going to demonstrate how to inject a Meterpreter payload into a browser session via a Java applet. To get this attack working, you’ll need to get your victim to click the attacker’s URL via whichever method you choose (email, verbal, linked from a website etc.). Once the applet has been executed, your payload is…