Microsoft published information on a critical remote code execution vulnerability dubbed the Bluekeep RDP vulnerability (CVE-2019-0708) in May 2019. Windows 8 and newer systems have a default RDP setting requiring Network Level Authentication that mitigates the risk of this vulnerability, while systems running Windows 7 and Server 2k8 or 2k8 R2 can be patched. LARG*net immediately scanned all member networks to determine whether anyone was externally vulnerable and thankfully no one was.
Recently a number of articles were published alerting VLC users about a new zero day. The remote code execution this zero day takes advantage of does sound rather scary and users should definitely be made aware of the issue. Yet there’s a difference between sensible and sensational reporting.
"10x engineers" is a Silicon Valley term used to describe engineers who are ten times more productive than average. They can be from any of the usual IT categories: programmers, network engineers, sysadmins, etc.
A zero day vulnerability is a software bug that has been fixed/patched for 0 days. A zero day exploit is the code attackers use to take advantage of a zero day vulnerability.
In the last blog I attempted to hack a server (with permission, naturally) and discovered it had a debugger running that gave me a foothold. However I couldn’t get full control of the system without a skill upgrade in the realm of return-oriented programming (ROP) chaining.
You’ve probably read that it’s wise to harden your systems. You want to reduce your footprint so that you aren’t wasting resources or leaving yourself vulnerable unnecessarily. The theory sounds great but the practical implementation is a bit abstract.