ACTIVELabs
Powered by ACTIVECYBER, LLC

Cracking Hashes with NPK

3/1/2023

Foreword
ACTIVECYBER has incorporated NPK into our arsenal of tools for penetration testing with clients, and we believe that sharing this with our ACTIVELabs library of resources would be beneficial to the community.

Password hashes are an essential part of many security assessments. Recovering plaintext passwords from these hashes can be crucial in a penetration test. However, hash cracking can be a challenging task for any penetration team as hashing is not reversible. The process involves making guesses about the original password, hashing them, and comparing the results with the available hash. Many tools like John the Ripper and Hashcat are available for cracking a variety of hash types, but the biggest challenge lies in the hardware.


Red Team Infrastructure - C2

7/2/2021

As ACTIVECYBER continues to grow our testing services offerings as a key pillar of our ACTIVE Framework™, infrastructure is essential and needs to be built and tested regularly. This blog post details installing and setting up Covenant as a Command and Control (C2) server for the purpose of offensive testing. Covenant is an open source .NET Command and Control framework aimed at making .NET tradecraft easier and providing a collaborative C2 platform for red teamers. The post contains instructions, notes and tips for setting up and using the framework.
Link to post: Red Team Infrastructure - C2

NVIDIA GeForce Experience Local Privilege Escalation (CVE-2020-5990)

11/20/2020

GeForce Experience is the companion application to your GeForce GTX graphics card. It keeps your drivers up to date, automatically optimizes your game settings, and gives you the easiest way to share your greatest gaming moments with friends. It also regularly downloads new game profiles, which are essentially collections of settings that control what your graphics driver does when it loads specific games. We identified a DLL hijacking vulnerability in the GeForce Experience software in late 2019 (see link for more details) and decided to revisit said software again this year. This led to the discovery of CVE-2020-5978 and CVE-2020-5990 within the same component, GAMESTREAM. However, in this blog post we will only go over CVE-2020-5990 because it’s more interesting from an exploitation standpoint.


Windows AppX Deployment Service Local Privilege Escalation (CVE-2020-1488)

8/18/2020

The AppX Deployment Service (AppXSVC) on Microsoft Windows suffers from an arbitrary file/directory deletion vulnerability that can be triggered by standard non-privileged users due to improper user impersonation during the removal of any application from the Windows App Store (also known as Microsoft Store), leading to an elevation of privilege. Now, before we dive into the finding details, let's briefly talk about the vulnerable service and Microsoft Store applications.


Overwolf Symbolic Link Privilege Escalation (CVE-2020-15932)

7/30/2020

Overwolf is a software platform designed to help developers create extensions for video games, which are then offered to users through Overwolf's App Store. The extensions are often focused on providing in-game services that would normally require a user to exit the game, such as the use of a web browser or an IM client. Other extensions provide game-specific features that can remind users about certain in-game events, easing the game experience. The platform has gained traction in competitive video games, such as eSports and MMORPGs, where native extensions are often forbidden due to concerns about cheating. Overwolf extensions sidestep this concern since they do not interact with the game engine; they operate exclusively on the overlay created by the main Overwolf program.


ACTIVE-2020-004: IDrive Local Privilege Escalation (CVE-2020-15351)

6/26/2020

Vulnerability Type: Privilege Escalation
Vendors: IDrive Inc.
CVE ID: CVE-2020-15351
Affected Products:
  • IDrive for Windows prior to version 6.7.3.19
Summary:
IDrive for Windows prior to version 6.7.3.19 installs by default to “C:\Program Files(x86)\IDriveWindows” with weak folder permissions, granting any user modify permission “NT AUTHORITY\Authenticated Users:(OI)(CI)(M)” to the contents of the directory and its sub-folders. In addition, the program installs a service called “IDriveService” which runs as Local System; this allows any standard user to escalate privileges to “NT AUTHORITY\SYSTEM” by substituting the service's binary with a malicious one.


ACTIVE-2020-003: Trident Z Lighting Control Driver Local Privilege Escalation (CVE-2020-12446)

4/27/2020

Vulnerability Type: Privilege Escalation
Vendors: G.SKILL International Enterprise Co., Ltd.
CVE ID: CVE-2020-12446
Affected Products:
  • Trident Z Lighting Control v1.00.08 and older
Summary:
The ene.sys driver in Trident Z Lighting Control v1.00.08 exposes mapping and un-mapping of physical memory, reading from and writing to Model Specific Registers (MSRs), and input from and output to I/O ports to local non-privileged users, which leads to privilege escalation as “NT AUTHORITY\SYSTEM”.


Docker Desktop Local Privilege Escalation (CVE-2020-10665)

3/25/2020

Docker is a tool designed to make it easier to create, deploy, and run applications using containers. Containers let a developer package an application with all of the parts it needs, such as libraries and dependencies, and deploy it as one package. Because of the container, the developer can rest assured that the application will run on any other machine regardless of customized settings on that machine that might differ from the machine used for writing and testing the code. Docker Desktop is used for building and sharing containerized applications and microservices on Mac and Windows machines.


CORSAIR iCUE Driver Local Privilege Escalation (CVE-2020-8808)

2/11/2020

CORSAIR is considered one of the world’s leading providers of high-performance PC peripherals and components. It offers a complete range of products to equip gamers and content creators, including keyboards, mice, headsets, capture cards, studio controllers, etc. While researching its interface software, CORSAIR iCUE v3.23.66 (the latest at the time of research), we found that said software installs a driver that allows low-privileged users to map arbitrary physical memory, which leads to local privilege escalation.


Viper RGB Driver Local Privilege Escalation (CVE-2019-18845)

11/26/2019

Recently, we found a kernel logic bug in Viper RGB software version 1.0, which is used to manage Viper Gaming DRAM memory modules. The affected component of said software was the MsIo64.sys/MsIo32.sys driver, which was then utilized to achieve local privilege escalation. The following is the process used to identify and exploit the security vulnerability. Let’s start off by examining the device permissions.


ACTIVELabs was created in 2018 to hunt and research undiscovered vulnerabilities, report them to vendors via responsible disclosure programs, publish advisories, develop and validate new patches, and to share this information for the advancement of the cybersecurity community. ACTIVELabs was established with the mission of securing our ever-growing client base, partnerships, and the technology community as a whole.

We are actively providing the community with verified findings and research that leads to the creation of new Common Vulnerabilities and Exposures (CVEs) and updates to the National Vulnerability Database (NVD). For a full listing of all of our Advisories, visit our GitHub page here.

ACTIVECYBER, LLC
888 Bestgate Road, Suite 316
Annapolis, MD 21401
202.499.3774
©2022 ACTIVECYBER, LLC | All rights reserved | Privacy Policy