Mass Assignment Mass Assignment is a vulnerability that occurs when the web application defines variables from user input, even if those variables weren’t expected to be provided. First, I want to give a huge shout out to https://NotSoSecure.com for the excellent training they provide at Black Hat events. It is 100% worth the money if…
Timeline Reported to FireEye on May 7th FireEye confirmed receipt of the vulnerability disclosure and stated that it was already a known issue being prioritized for a future release FireEye EX releases update to remediate this issue on August 13th Inspect What You Expect Organizations spend heavily on security tool suites designed to detect, block,…
On internal penetration tests, it is common to get a foothold using man-in-the-middle techniques such as Link-Local Multicast Name Resolution (LLMNR) or WPAD. On a recent engagement, we encountered an added challenge because NetBios over TCP was disabled and WPAD was configured correctly. At this point, it is typical to begin hunting for systems with…