• Enumerating and indexing SMB shares at scale

    In order to improve and harden our group’s critical telco-infrastructure, Deutsche Telekom Security GmbH provides a red team to simulate real world attack scenarios. While our red team also offers its capabilities for external customers, our main focus is improving our internal security by simulating state of the art attacks.

    Continue Reading →

  • Wire Secure Messenger Remote Format String Vulnerability

    A Remote Format String Vulnerability in the Wire Secure Messenger (CVE-2020-27853) allows an attacker to cause a denial of service (application crash) or possibly execute arbitrary code via voice or video call. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS.

    Continue Reading →

  • ILIAS RCE Via PHP File Inclusion

    Two vulnerabilities in the ILIAS learning management < 5.4.10 system were found which can be chained together to achieve remote code execution via an authenticated user.

    Continue Reading →

  • Teamwire Pass Code Bypass

    A pass code bypass in the mobile application of Teamwire for Android allows an attacker with physical access to the phone to use the app without entering the valid pass code.

    Continue Reading →

  • T-Pot Version 20.06 released

    On June, 30th 2020 we finally released T-Pot 20.06 after an extensive period of testing to ensure the update process (which is still in beta) is not likely to break things. With T-Pot 20.06 released we are proud to see that T-Pot is now growing faster than before. T-Pot 20.06 comes with new honeypots, such as Dicompot, a new Elasticpot and HoneySAP. All of which have Kibana dashboards readily available to get you covered…

    Continue Reading →

  • IBM Maximo Asset Management is vulnerable via XXE

    IBM Maximo Asset Management is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

    Continue Reading →

  • Smuggling HTTP headers through reverse proxies

    Under some conditions, it is possible to smuggle HTTP headers through a reverse proxy, even if it was explicitly unset before. This is possible in some cases due to HTTP header normalization and parser differentials. Because HTTP headers are commonly used as way to pass authentication data to the backend (for example in mutual TLS scenarios), this can lead to critical vulnerabilities.

    Continue Reading →

  • Unquoted Service Path exploit in Fortinet FortiClient

    FortiClient for Windows prior to 6.2.3 is vulnerable to an unquoted service path vulnerability (CVE-2019-17658). That may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.

    Continue Reading →