Nathan Sportsman, Author at Security Boulevard https://securityboulevard.com/author/nathan-sportsman/ The Home of the Security Bloggers Network Mon, 02 Sep 2024 22:21:34 +0000

Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader https://securityboulevard.com/2024/09/introducing-goffloader-a-pure-go-implementation-of-an-in-memory-coffloader-and-pe-loader/ Mon, 02 Sep 2024 22:21:34 +0000 https://www.praetorian.com/?p=3131 We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike BOFs and unmanaged PE files directly in memory without writing any files to disk. Goffloader aims to take functionality that is conventionally within […]

The post Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader appeared first on Praetorian.

The post Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader appeared first on Security Boulevard.

Understanding the Impact of the new Apache Struts File Upload Vulnerability https://securityboulevard.com/2023/12/understanding-the-impact-of-the-new-apache-struts-file-upload-vulnerability/ Tue, 12 Dec 2023 21:08:33 +0000 https://www.praetorian.com/?p=5479 Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a 9.8 CVSS score. No doubt this is causing some security practitioners to have flashbacks of the “good times” that a serious Struts bug […]

The post Understanding the Impact of the new Apache Struts File Upload Vulnerability appeared first on Praetorian.

The post Understanding the Impact of the new Apache Struts File Upload Vulnerability appeared first on Security Boulevard.

Signing and Encrypting with JSON Web Tokens https://securityboulevard.com/2022/05/signing-and-encrypting-with-json-web-tokens/ Fri, 06 May 2022 13:09:53 +0000 https://www.praetorian.com/?p=3885 Cryptographic weaknesses often arise in applications when the core security concepts are misunderstood or misused by developers. For this reason, a thorough review of all cryptographic implementations can be a juicy target when designing an application or starting a security assessment. Often, cryptography is used in the context of communication (e.g. a key exchange or […]

The post Signing and Encrypting with JSON Web Tokens appeared first on Praetorian.

The post Signing and Encrypting with JSON Web Tokens appeared first on Security Boulevard.

Computer Account Relaying Vulnerabilities Part 2 https://securityboulevard.com/2022/05/computer-account-relaying-vulnerabilities-part-2/ Thu, 05 May 2022 13:57:20 +0000 https://www.praetorian.com/?p=3878 Overview Recently I’ve been working on writing a custom SMB client that implements the initial handshake and NTLM authentication functionality to perform port fingerprinting within Chariot Identify, our attack surface management product. While reading through the SMB specification, I got to thinking about Computer AdminTo Computer vulnerabilities we have exploited over the last few years […]

The post Computer Account Relaying Vulnerabilities Part 2 appeared first on Praetorian.

The post Computer Account Relaying Vulnerabilities Part 2 appeared first on Security Boulevard.

Guest who? Insecure Azure Defaults! https://securityboulevard.com/2022/04/guest-who-insecure-azure-defaults/ Thu, 28 Apr 2022 12:45:08 +0000 https://www.praetorian.com/?p=3871 Introduction Azure has an insecure default guest user setting, and your organization is probably using it. The default settings Azure provides would allow any user within the organization (including guest users) to invite guest users from any domain, bypassing any central identity management solutions (e.g. Okta, Auth0) and onboarding processes. Additionally, an attacker may use […]

The post Guest who? Insecure Azure Defaults! appeared first on Praetorian.

The post Guest who? Insecure Azure Defaults! appeared first on Security Boulevard.

Hunting for Spring Core Exploitation https://securityboulevard.com/2022/04/hunting-for-spring-core-exploitation/ Sat, 02 Apr 2022 17:37:20 +0000 https://www.praetorian.com/?p=3845 Background On March 30, 2022, Praetorian published remediation details for a remote code execution vulnerability for Spring Core on JDK9+ (CVE-2022-22965). A patch for vulnerable systems is now available and Praetorian has notified those affected through our Chariot offering. Hunting Opportunities Covering all our bases this early in the disclosure timeline can be a significant […]

The post Hunting for Spring Core Exploitation appeared first on Praetorian.

The post Hunting for Spring Core Exploitation appeared first on Security Boulevard.

Spring Core on JDK9+ is vulnerable to remote code execution https://securityboulevard.com/2022/03/spring-core-on-jdk9-is-vulnerable-to-remote-code-execution/ Wed, 30 Mar 2022 17:03:16 +0000 https://www.praetorian.com/?p=3800 Overview Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available. As we have remediation advice for customers (see below), we have elected to share this information publicly.  Spring Core […]

The post Spring Core on JDK9+ is vulnerable to remote code execution appeared first on Praetorian.

The post Spring Core on JDK9+ is vulnerable to remote code execution appeared first on Security Boulevard.

Always Be Modeling: How to Threat Model Effectively https://securityboulevard.com/2022/03/always-be-modeling-how-to-threat-model-effectively/ Fri, 25 Mar 2022 12:09:36 +0000 https://www.praetorian.com/?p=3792 Introduction At Praetorian, we believe that good security advisors always dedicate the start of a security assessment toward understanding your product’s threat landscape. This is why we perform a baseline threat model before every engagement, including those that do not explicitly contain an in-depth threat model analysis. A baseline threat model ensures that we have […]

The post Always Be Modeling: How to Threat Model Effectively appeared first on Praetorian.

The post Always Be Modeling: How to Threat Model Effectively appeared first on Security Boulevard.

New Chariot Module Nosey Parker Released: An Artificial Intelligence Based Secrets Scanner That Out Sniffs the Competition https://securityboulevard.com/2022/03/new-chariot-module-nosey-parker-released-an-artificial-intelligence-based-secrets-scanner-that-out-sniffs-the-competition/ Tue, 22 Mar 2022 13:58:21 +0000 https://www.praetorian.com/?p=3780 Motivation Sensitive information like passwords, API keys, access tokens, asymmetric private keys, client secrets and credentials are critical components of a secure internet. Virtually any programmatic task involving authentication or security requires developers to work with this kind of data. Unfortunately, this means that such secrets invariably find their way into source code, configuration files, […]

The post New Chariot Module Nosey Parker Released: An Artificial Intelligence Based Secrets Scanner That Out Sniffs the Competition appeared first on Praetorian.

The post New Chariot Module Nosey Parker Released: An Artificial Intelligence Based Secrets Scanner That Out Sniffs the Competition appeared first on Security Boulevard.

23 and Me: Offensive DNA and Nuclei Templates https://securityboulevard.com/2022/03/23-and-me-offensive-dna-and-nuclei-templates/ Tue, 15 Mar 2022 13:22:31 +0000 https://www.praetorian.com/?p=3755 As part of our launch of the Chariot platform, we have developed twenty-three Nuclei templates to identify new issues or exposures within external attack surfaces that we want to share back with the security community. Nuclei is an extremely powerful vulnerability scanner from ProjectDiscovery that leverages a YAML-based domain-specific language to represent vulnerabilities. Nuclei is […]

The post 23 and Me: Offensive DNA and Nuclei Templates appeared first on Praetorian.

The post 23 and Me: Offensive DNA and Nuclei Templates appeared first on Security Boulevard.
