Penetration Testing
Imprivata PAM - CVE-2021-45094
Back in late 2021 I was engaged on a penetration test of a client’s implementation of Imprivata Privileged Access Management (PAM), previously known as XTAM (Xton Access Manager). The goal of the test was to assess the product for security vulnerabilities that may impact the client’s intended use: managing secrets and secure connections to internal systems used by external providers.
Penetration Testing
You've Disabled Microsoft Office Macros? I Can Probably Run Them in my Desktop Session Anyway (Part 2) ...
In my last post on bypassing Microsoft Office macro settings I hinted at the implications but didn’t detail them. This post dives into how the macro settings bypass technique can be leveraged to execute arbitrary binaries and shellcode while bypassing application control policies, attack surface reduction rules and EDR.
Penetration Testing
You've Disabled Microsoft Office Macros? I Can Probably Run Them in my Desktop Session Anyway ...
I recently found a way to execute Microsoft Office macros in a desktop session ... regardless of Trust Center macro settings. Microsoft consider it expected behaviour, however the technique effectively constitutes an application whitelisting bypass and will likely be possible in most environments. This post details the macro execution method and provides some mitigation options that organisations can apply to prevent the bypass.
Penetration Testing
Maximising penetration test value for clients: Why threat modelling, proving exploitability and demonstrating impact matters.
Threat modelling, and proving exploitability of issues in the context of the threat model, is key to gaining maximum value from a penetration test and to ensuring that issue criticality levels are not misclassified. This post details how and why correctly applying a threat model can significantly alter the criticality rating of an issue even though the technical risk hasn’t changed, and how demonstrating exploitability in the threat model context can help inform where resourcing for mitigations could be applied for best effect.
Cloud Services
Sidestepping Active Directory Controls with AWS Permissions: Lateral Movement and Privilege Escalation
This post details some of the ways AWS permissions could be used to move laterally and escalate privileges in a cloud-hosted Active Directory environment. This could be useful for penetration testers to side-step the usual Active Directory protections when AD itself has been well secured.