Using URI to pop shells via Discord Client

Introduction Myself and fellow researcher: Styx were the leads on this research we were backed up by CyberSecStu, and 5w0rdFish from The Many Hats Club. We discovered a vulnerability within the Discord client that enabled an attacker to call local programs on a target system. We then took this flaw and used it to pivot…
Read more

14th December 2018 0

Global Aviation Cyber Security Issue – AirFASE Write Up

Global Aviation Cyber Security Issue – AirFASE Write Up A small group of security researchers formed of Kizzzzurt (@Infosec_Pom), CyberSecStu (@CyberSecStu) and myself discovered 32 AirFASE devices connected to the public internet via port 8080 over HTTP. The initial discovery was made by Kizzzzurt in early June. We worked in attributing the AirFASE devices to…
Read more

20th July 2018 0

QR Codes! The Modern USB Drop

This the beginning of an investigation I will be conducting into the susceptibility of the general public to scan a QR code in a public space. This is because the changing of times from USB drops in the car park to slapping a QR code sticker onto a lamp post near a target and having…
Read more

13th July 2018 0