Simple Bypass for PowerShell Constrained Language Mode

Edit – I just had this pointed out to me that on Friday 17th March Lee Holmes wrote about this very attack on his blog here – http://www.leeholmes.com/blog/2017/03/17/detecting-and-preventing-powershell-downgrade-attacks/. This is a pure coincidence and I was not aware of this blog post by Lee at the time.

We all know that Microsoft has added some nice features to PowerShell v5 to help out the Blue teams: Constrained Language Mode, deep script block logging, system-wide transcripts and AMSI, to name a few.
This blog is not a lesson on each of the features mentioned above; for more information, this is a great place to start – Microsoft PowerShell Blue team.
This blog is also not about the awesome bypasses highlighted by Casey Smith, aka @SubTee; again, detailed info can be found here – @SubTee Blog.

What I’ve found is probably not even new, but I can’t find anything written about it. This is a very simple, almost too easy, way to bypass Constrained Language Mode. I still can’t believe it myself.


Maybe We Should Not Use Adobe Reader – Looking For An Alternative

After the recent emergency out of cycle patch of Adobe Reader (again!), maybe we should be looking toward finding a better solution to the problem – the fact that Adobe cannot write secure software.

Yeah, I know they are releasing Reader X with ‘sandboxing’, la la la (link here to the article on ThreatPost), but maybe they should just write some decent secure code – it’s only a document viewer after all!

After doing a bit of research, and having some experience using alternative PDF readers, I’ve come to the conclusion that there are other, better, more secure applications.

There is one application in particular – Evince, the one included with Ubuntu and other GNOME distros. I have found only one advisory listed on Exploit-DB for it, whereas for Adobe Reader Exploit-DB lists nine; visit the Adobe site and search for advisories and you’ll be amazed how many there are listed.


xStorm Cloud Based Vulnerability Scanner from RandomStorm

This is a follow-up to my recent posts about the company RandomStorm and its products.

After my initial phone conversation they sent me complimentary access to their xStorm Cloud Based Vulnerability Scanner.

Well, recently I had some time to investigate; these are my findings, hope you enjoy.

First off, this is only a brief look at this product; there is probably much more to it than I can explore here with the limited trial that RandomStorm gave me.

OK, first you have to start up your browser. I chose Google Chrome, but Firefox or even Internet Explorer will suffice.

You will be met with a login screen.


Do Microsoft Have Tunnel Vision?

A recent post on the Threatpost website reports that the Stuxnet virus was written about over a year ago in Hakin9 magazine.

Why do they not have employees scouring internet forums, IRC, mailing lists etc. to forewarn the company of impending attacks or vulnerabilities?

Come on Microsoft, Adobe, get your acts together. Hmmm, I think I’ve been here already this week.

Article taken from ThreatPost

A security flaw affecting Microsoft’s Windows operating system that was exploited by the Stuxnet worm was publicly disclosed more than a year before the worm appeared, according to a researcher at Symantec Corp.

Microsoft, Adobe – Get Your Act Together

Having just read a post on one of my favourite blogs, Attack Vector, about the recent developments surrounding the new Adobe Reader 0day, here is the link to Matt’s excellent argument for all of us to sing the praises of open source or not-so-well-known software applications that fulfil the same purpose as the overpriced, over-vulnerable offerings from Microsoft and Adobe.
