Latest Articles
Butting Heads with a Threat Actor on an Engagement
At the time of writing I am enjoying some non-billable time in the wake of a demanding engagement spanning across several months. As such, I thought it would be a good time to write up a war story from a recent project in which we came head to head against genuine and active threat actors whilst on an engagement. To set the scene, I am working on a purple team project in which we are to cover both the external and internal estate. This tale comes from the external portion of the engagement and as such my colleague and I are going about our usual external red team attack methodology. During this external phase we identify several instances of servers running a software that will remain unnamed for confidentiality’s sake. I will say that this was a third-party software that is used for Identity Access Management, and it appeared to be used in several environments (pre-prod, production, etc) within the client’s estate.
April 17, 2023,Max Corbridge
<strong>Advisory CVE-2022-37832 - Mutiny Network Monitoring Appliance hardcoded credentials</strong>
Software: Mutiny Network Monitoring Appliance Affected versions: <= 7.2.0-10855 Vendor page: www.mutiny.com CVE Reference: CVE-2022-37832 Published: 16/12/2022 CVSS 3.1 Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector: Network Credit: Ryan Saridar Summary An attacker can log in as root remotely to the appliance via SSH. Mitigation Upgrade to version 7.2.0-10855 onwards to remediate the problem. Technical details Before version 7.2.0-10855, the SSH service allows password login to the appliance. The use of weak, hardcoded root credentials between versions means that an attacker with knowledge of this fixed password can log into the appliance remotely and gain unrestricted access to it. Between version 7.2.0-10788 and up to 7.2.0-10850, key-based authentication was introduced, however password-based authentication was not yet disabled. On the patched version, key-based authentication is enforced.
December 15, 2022,Ryan
Online Machine Learning: how to integrate user feedback
When designing and implementing a machine learning model, ensuring it is continually updated is a challenge that all engineers encounter. In this article, I explore the online machine learning technique that I used during a project and present how it was implemented for effective results. Choosing a machine learning method Machine learning solutions can be mainly split into offline and online methods. Online machine learning is a method in which data becomes available in a sequential order and is used to update the best predictor for future data at each step, as opposed to batch learning techniques which generate the best predictor by learning on the entire training data set at once.
December 12, 2022,tzrzhuoran