Deep Dive: http.favicon
Growth Setup Favicons are the small icons that you see in the browser tab next to the website title or in your bookmarks. For example, the Shodan logo on the left side…
News
Free Training: Microsoft Office Offensive Tradecraft for Red Teamers
We are hosting a free training on Microsoft Office Offensive Tradecraft aimed at red teamers. Head over here for more details and for registration. The post Free Training: Microsoft Office…
Mapping Virtual to Physical Addresses Using Superfetch
With the Bring Your Own Vulnerable Driver (BYOVD) technique popping up in Red Teaming arsenals, we have seen additional capabilities being added like the ability to kill (EDR) processes or…
Reflecting on a Year with Fortra and Next Steps for Outflank
When we debuted OST back in 2021, we wrote a blog detailing both the product features and the rationale for investing time into this toolset. In 2022, we joined forces…
Leaking Session Tokens with CVE-2023-4966
Introduction It’s time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned “unauthenticated buffer-related vulnerabilities” and two CVEs. These issues affected Citrix NetScaler…
Listing remote named pipes | Outflank
On Windows, named pipes are a form of interprocess communication (IPC) that allows processes to communicate with one another, both locally and across the network. Named pipes serve as a…
Solving The “Unhooking” Problem | Outflank
For avoiding EDR userland hooks, there are many ways to cook an egg: Direct system calls (syscalls), Indirect syscalls, unhooking, hardware breakpoints, and bringing and loading your own version of…
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
Executive Team Note: Our coordinated disclosure policy works on a 90 day timeline where we will disclose via our website 90 days after we report to a vendor. If a…
Changelog: www.shodan.io
A few notable usability improvements to the IP information page: Web Technologies Web technologies are now grouped by categories and we show version information (if available). The information was always…
Leaking File Contents with a Blind File Oracle in Flarum
Introduction Flarum is a free, open source PHP-based forum software used for everything from gaming hobbyist sites to cryptocurrency discussion. A quick survey on Shodan suggests there are over 1200…