Cisco ASA SSL VPN Backdoor PoC (CVE-2014-3393)
A coworker and I recently had the opportunity to work with a new vulnerability released at Ruxcon just earlier this...
Security Tech World News Blog
Category Added in a WPeMatico Campaign
Transfer File Over DNS in Windows (with 13 lines of PowerShell)
In a previous post (http://breenmachine.blogspot.ca/2014/03/downloading-files-through-recursive-dns.html) I mentioned that it is possible to download files through recursive DNS queries with Bash...
BlackHat Talk and Railo Shoutout
Haven't really talked about it much here but recently finished up some research and my BlackHat USA 2014 presentation titled...
Dumping Data from Memcached Servers
Just a quick update from a recent test. Will probably have some more interesting stuff coming soon but none is...
Downloading Files Through Recursive DNS With Bash (Or PowerShell)
I often run into networks with extremely restricted outbound firewall rules. Usually outbound traffic is whitelisted to a small number...
Hijacking A Particular User’s GUI Sessions With Meterpreter/VNC
Just a quick post to document a cool technique applied on a recent penetration test, nothing new or fancy, just...
JBOSS JMXInvokerServlet Update
A few months ago I posted some exploit code that abuses unauthenticated access to the JBOSS JMXInvokerServlet (http://breenmachine.blogspot.com/2013/09/jboss-jmxinvokerservlet-exploit.html).For review, JBOSS...
Blind SQLi -> SQLi -> Command Execution -> Meterpreter – Based On A True Story
This is going to be a long one. For a quick rundown, see the video of this process from start-finish...
JBOSS JMXInvokerServlet Exploit
Recently ran into a JMXInvokerServlet that didn't require authentication. These generally have a URL that looks something like:http(s)://localhost:8080/invoker/JMXInvokerServletWhile there is...
Meterpreter Shell Through Axis Default Creds
Just a quick post on something I worked on yesterday.Was able to use default credentials to log into the Apache...
