Unauthorized FLIR (Lorex) Cloud Access

Posted by Jake Reynolds on October 10, 2017Link 

Traditionally, closed circuit tv (CCTV) cameras and digital video recorders (DVRs) have been stand-alone, self-contained systems.  If the ability to access these systems remotely was required it was most commonly achieved by opening a port on a firewall and allowing access from the Internet to the DVR or camera directly.  Although effective, that method of access left what was in...Continue reading 

CVE-2017-6079 – Blind Command Injection in Edgewater Edgemarc Devices

Posted by Spencer Davis on May 16, 2017Link 

During a recent external penetration test, one of the many servers listening on the default HTTP port 80 caught my eye. The web server threw a HTTP Basic Authentication login prompt immediately upon viewing it, which was unique amongst this particular target network. Some time was spent trying to fingerprint the device and nmap did most of the heavy lifting for...Continue reading 

Hashing Horror

Posted by Brian Berg on April 06, 2017Link 

Recently, I was working on a web application assessment that acted like a feature filled version of the Damn Vulnerable Web App. That meant there was a lot of XSS of course and a heavy handful of SQL injection vectors. This isn’t a post on how terrible the application was but the interesting way they chose to store their...Continue reading 

Have Questions?
Get Answers