Hack Responsibly
Browse Hack Responsibly, a technical blog by The NetSPI Agents. Dive deep into the latest CVEs and vulnerabilities our team uncovers, and how we help NetSPI customers protect against the most important threats today.
Our favorite picks
15 Ways to Bypass the PowerShell Execution Policy
On Windows client systems, PowerShell's default execution policy (Restricted) blocks running .ps1 scripts, but the execution policy is a safety feature, not a security boundary. In this blog I'll cover 15 ways to bypass the PowerShell execution policy without local administrator rights on the system.
Four Ways to Bypass Android SSL Verification and Certificate Pinning
As pentesters, we want to convince the app that our certificate is valid and trusted so we can man-in-the-middle (MITM) its traffic and modify it. In this blog I'll walk through four techniques for bypassing SSL/TLS certificate checks and certificate pinning on Android.
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
Backdooring Azure Automation Account Packages and Runtime Environments
An attacker with write access to an Azure Automation Account can persist by backdooring the packages and runtime environments that its runbooks load. Learn how attackers can maintain access to an Automation Account.
Mapping Mainframe Memory Made Easy
Explore how NetSPI's own mainframe LPAR (logical partition) speeds up pentesting through rapid tool prototyping and deployment.
Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.
CVE-2024-37888 – CKEditor 4 Open Link plugin XSS
NetSPI discovered CVE-2024-37888, a cross-site scripting (XSS) vulnerability in the CKEditor 4 Open Link plugin. Read about the nature of the vulnerability and its implications.
An Introduction to GCPwn – Parts 2 and 3
An example exploit path using GCPwn: enumeration, brute-forcing Secret Manager versions, and downloading data from Cloud Storage, both through the default enum_buckets module and with HMAC keys.
DEF CON 32 Recap: Insights and Experiences from The NetSPI Agents
Explore the highlights of DEF CON 32 through the eyes of The NetSPI Agents. Discover key takeaways, expert insights, and firsthand experiences from this year’s premier hacker conference.
Extracting Managed Identity Certificates from the Azure Arc Service
Azure Arc is handy for bringing on-prem systems under Azure management, but the managed identity certificates it provisions can, if extracted, give an attacker a pivot from on-prem into your Azure environment.
Escalating Privileges in Google Cloud via Open Groups
Learn how attackers can abuse open groups (groups that anyone in the organization can join) to potentially escalate privileges in Google Cloud, and how to detect these attack paths.
An Introduction to GCPwn – Part 1
GCPwn is a Python-based framework for pentesting GCP environments. While individual exploit scripts exist today for GCP attack vectors, GCPwn consolidates them and manages multiple sets of credentials at once (for example, multiple service account keys) within one framework. With the use of interactive prompts, GCPwn makes enumeration and exploitation […]
Exploiting a Generative AI Chatbot – Prompt Injection to Remote Code Execution (RCE)
Discover how NetSPI exploits an externally exposed Generative AI Chatbot to compromise the hosting server.
Prototype Pollution: A Deep-Dive
Learn about Prototype Pollution – what it is, why it exists, and real examples of how it can be exploited.
From linen to silk – Using Microsoft Service Fabric to elevate privileges
The NetSPI Agents discovered a local privilege escalation path in Microsoft Service Fabric Runtime. Learn how the vulnerability was discovered and exploited.