Testing Ripple20: A closer look and proof of concept script for CVE-2020-11898

TL;DR: We use a proof of concept script to attack a Digi Connect ME 9210 device affected by CVE-2020-11898, part of the newly-released Ripple20 series of vulnerabilities. Ripple20: In June 2020, JSOF released information about a series of 19 vulnerabilities dubbed "Ripple20". Ripple20 affects the popular Treck network stack, which is used by many connected [...]

Using Word2Vec to spot anomalies while Threat Hunting using ee-outliers

Introduction: In this blog post, we want to introduce the user to the concept of using Machine Learning techniques originally designed to spot anomalies in written (English) sentences, and instead apply them to support the Threat Analyst in spotting anomalies in security events. The basic idea behind this is that we try to identify sentences [...]

Introducing IOXY: an open-source MQTT intercepting proxy

TL;DR: IOXY is an open source MQTT intercepting proxy, developed by NVISO for our IoT pentest needs, and now available on GitHub. Features include a GUI, live packet interception and modification, and MQTTS support. The need for IOXY: In the web and mobile application worlds, intercepting proxies like Burp and OWASP ZAP occupy a central [...]

Unmanaged file searching with Filesearcher.exe

During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partially invented because of a CTF event I was participating in which had me hunting several file [...]

IoT hacking field notes #2: Using bind mounts to temporarily modify read-only files

TL;DR: The second of our short, IoT-related posts shares a simple trick we use in IoT pentests to temporarily change the contents of read-only files in Linux-based devices. Very useful when trying to proxy network traffic or temporarily change the behavior of a device! IoT field notes is a series of short stories about interesting [...]

Burp, OAuth2.0 and tons of coding: a testimony of my internship in the penetration testing team at NVISO!

Hi, my name is Turpal and I did my internship at NVISO starting on the 24th of February until the 29th of May 2020. In this blog post, I want to provide a bit more detail about what exactly I did during this time, and what my experience felt like! The internship was part of [...]

Intercepting Flutter traffic on iOS

My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow-along guide for ARMv7. This blogpost does the same for iOS. Testing apps: The beauty of a cross-platform application is of course that I can use my previous Android test app for iOS so it has the same functionality. [...]