@Mediaservice.net Technical Blog

Recent News

CVE-2017-10271: Oracle WebLogic Server Remote Command Execution – Sleep detection payload

CVE-2017-10271: Oracle WebLogic Server Remote Command Execution – Sleep detection payload

Recently we faced a version of Oracle WebLogic vulnerable to CVE-2017-10271. The issue can be exploited…

Brida – A step-by-step user guide

Brida – A step-by-step user guide

Hi! Today we will take a step-by-step tour on how to use Brida. We…

From XML External Entity to NTLM Domain Hashes

From XML External Entity to NTLM Domain Hashes

During this article I will show how it is possible to obtain NTLM password hashes…

How a UNIX hacker discovered the Windows PowerShell

How a UNIX hacker discovered the Windows PowerShell

*** EDIT (2018-03-12): This script served me very well during these last months and I've finally…

A patch for PowerSploit’s Invoke-Shellcode.ps1

A patch for PowerSploit’s Invoke-Shellcode.ps1

In my recent and somewhat surprising exploration of Windows PowerShell (stay tuned for a longer…

In praise of tactical exploitation

Having honed my skills during the X.25 and Phreaking era, I've always been a vocal proponent…

Advanced mobile penetration testing with Brida – Slides HackInBo 2017 WE

Advanced mobile penetration testing with Brida – Slides HackInBo 2017 WE

Hi! Here you can download the slides of my talk presented at HackInBo 2017 Winter…

Handy Collaborator – Because Burp Suite Collaborator is useful also during manual testing!

Handy Collaborator – Because Burp Suite Collaborator is useful also during manual testing!

Hi! Today I will show you a new Burp Suite plugin, Handy Collaborator, that the…