Blog: Posts by Will

Secure [email protected] Tips for World Password Day!

Passwords continue to be one of the main contributors to compromise and cyber attacks. We frequently identify and exploit password vulnerabilities during our security assessments, and this was one of the driving factors behind our Active Directory Password Audit service. Although NIST revised their password security guidance a few years ago, mass adoption is still…

Analysing CVE-2018-13417 for files, hashes and shells

CVE-2018-13417, released this August, disclosed an out-of-band XXE vulnerability in the SSDP/UPnP functionality of the XML parsing engine in the popular Vuze BitTorrent client. The latest version, 5.7.6.0, was found to be vulnerable; however, it’s likely earlier versions are also affected. Exploitation of this vulnerability allows unauthenticated attackers on the same network to read arbitrary files…

A cr4cking g00d time – walkthrough

Warning: This post contains spoilers! It’s been a few weeks since we released A cr4cking g00d time and we’d first like to thank everyone who gave it a go. We’ve received great feedback and are very pleased to hear that people have attained new levels of password cracking-fu in the process. Well done to @hops_ch…

A cr4cking g00d time – 12 challenges. 1 cryptocurrency prize!

Edit: Well done to @hops_ch for being the first to complete and win the prize! The reason we offer a Password Audit service is because we’re passionate about ensuring our clients are adequately protecting their accounts from compromise. The varied methods that can be used to attack passwords inspired us to create a challenge, comprising multiple levels…