GoSecure Blog

Automating local DTD discovery for XXE exploitation

Last month, we presented at Hack In Paris (France) a XML External Entities (XXE) exploitation workshop. It showcase methods to exploit XXE with numerous obstacles. Today, we present our method to exploit XXEs with a local Document Type Declaration (DTD) file. More specifically, how we built a huge list of reusable DTD files.

Read More

Topics: appsec, tool, web, pentest

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

Topics: pentest, Featured, Active Directory, NTLM