In our line of work you stumble on some very cool stuff. Welcome to our logbook.
Lin.security was released a little over a month ago so as promised we have now published this detailed walkthrough. As such, this article does include spoilers! The idea of the challenge was to find and practise getting root on the host using many different methods -...read more
CVE-2018-13417 was released this August that disclosed an out-of-band XXE vulnerability in the SSDP/UPnP functionality of the XML parsing engine in the popular Vuze Bittorrent client. The latest version, 126.96.36.199 was found to be vulnerable however it's likely earlier...read more
Warning: This post contains spoilers! It's been a few weeks since we released A cr4cking g00d time and we'd first like to thank everyone who gave it a go. We've received great feedback and are very pleased to hear that people have attained new levels of password...read more
Edit: Well done to @hops_ch for being the first to complete and win the prize! The reason we offer a Password Audit service is because we're passionate about ensuring our clients are adequately protecting their accounts from compromise. The varied methods that can be...read more
Here at in.security we wanted to develop a Linux virtual machine that is based (at the time of writing) on an up-to-date Ubuntu distro, but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been...read more
It's official, we're live! As this is our first post under the guise of in.security let's make some introductions. Both Will (@stealthsploit) and I (@rebootuser) have been working in IT and information security over the past decade or so and have been in a number of...read more