[UPDATE] An excellent article about the same issue was posted by Detectify a few days after this one. Unfortunately Detectify was not aware of our post and had worked independently on this problem. Well, they dug deeper and warned big websites (Ars Technica, The Register, Observer, etc…) so the […]

Slack session hijacking

No need to introduce the incredible Burp Suite, THE ultimate tool for web pentests. 12 years ago the first version was born. Cute, wasn’t it? It was more or less what you get in the Intruder tab now. Today it’s a full toolbox. However, having the best tool […]

A few tips on Burp Suite and web application penetration ...

One year ago we found that using the Word 2003 XML format could be very useful for pentesters/redteamers/attackers, as a standard VBA meterpreter payload was scoring 1/57 on VT (instead of 20/57 using the Office OpenXML format). AV vendors did their homework; the VT score is now 14/54. Anyway, another […]

Word 2003 XML: another trick to bypass anti-virus

For those who missed it, stageless meterpreter now works with user proxy settings, and that rocks! Why? Standard delivery of payloads with Metasploit uses a (small) stager that connects to the Metasploit handler to download and execute the stage (the final payload). It works most of the time, but […]

[Hack] Metasploit: stageless meterpreter