Analyzing two FreeSWITCH vulnerabilities – CVE-2021-41157 & CVE-2021-37624

This post is about two vulnerabilities in the FreeSWITCH VoIP server that I researched about a year back and that were fixed and publicly disclosed a few weeks ago. Both affect the SIP functionality in all versions below v1.10.7 and are categorized under CWE-287 (Improper Authentication).
Background
The story dates back a year, to when I was still learning about RTC (real-time communications) security and working under Sandro, where we did a lot of research on real-time communication infrastructure.
Continue reading →

Offensive WMI - Active Directory Enumeration (Part 5)

This blog is the fifth instalment of the “Offensive WMI” series, and this post covers Active Directory enumeration. Active Directory (AD) is Microsoft's directory and IAM service for Windows domain networks; it lets administrators manage permissions and access to resources. Anything that centrally manages many resources is handy for administrators, but the same data is equally useful to attackers for information gathering and lateral movement.
Continue reading →
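The kind of AD enumeration this part describes, as an added PowerShell example that is not code from the original post. It assumes a domain-joined Windows host, that the WMI LDAP provider namespace root\directory\LDAP is available (it maps AD objects to ds_* classes with DS_-prefixed properties), and a hypothetical target host name in $Target (omit -ComputerName to query locally):

```powershell
# Added example, not from the original post. Assumes a domain-joined host and the
# root\directory\LDAP provider; $Target is a hypothetical host name.
param([string]$Target = $env:COMPUTERNAME)

# 1. Which domain are we in, and which DC answered? Win32_NTDomain lives in root\cimv2
#    and returns one row per trusted domain; rows without a DomainName are placeholders.
Get-CimInstance -ComputerName $Target -ClassName Win32_NTDomain |
    Where-Object { $_.DomainName } |
    Select-Object DomainName, DnsForestName, DomainControllerName, DomainControllerAddress

$ldap = 'root\directory\LDAP'

# 2. Domain computers with OS and last logon: a target list for lateral movement.
Get-CimInstance -ComputerName $Target -Namespace $ldap -ClassName ds_computer |
    Select-Object DS_cn, DS_dNSHostName, DS_operatingSystem, DS_lastLogonTimestamp

# 3. Members of a high-value group, returned as distinguished names (WQL filter).
Get-CimInstance -ComputerName $Target -Namespace $ldap -ClassName ds_group `
    -Filter "DS_sAMAccountName='Domain Admins'" |
    Select-Object -ExpandProperty DS_member

# 4. Weakly configured accounts via userAccountControl bits:
#    0x10000 = password never expires, 0x20 = password not required.
$NOEXPIRE = 0x10000; $NOPASS = 0x20
Get-CimInstance -ComputerName $Target -Namespace $ldap -ClassName ds_user |
    Where-Object { $_.DS_userAccountControl -band ($NOEXPIRE -bor $NOPASS) } |
    Select-Object DS_sAMAccountName, DS_distinguishedName,
        @{ n = 'NeverExpires'; e = { [bool]($_.DS_userAccountControl -band $NOEXPIRE) } },
        @{ n = 'NoPassword';   e = { [bool]($_.DS_userAccountControl -band $NOPASS) } }
```

Querying ds_user or ds_computer without a filter pulls the whole directory through the WMI provider, which is slow on a large domain and noisy in DC logs; narrow the -Filter (for example on DS_operatingSystem) before running it against production. Everything here runs as an ordinary domain user, which is the point: no special rights are needed to map the domain.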

Offensive WMI - Reconnaissance & Enumeration (Part 4)

This is the fourth part of the “Offensive WMI” series and focuses on information gathering and enumeration. WMI exposes a large number of classes from which we can enumerate host, software and network details. So let's dive in without wasting any more time.
Gathering basic information
In our previous blogs, we have already seen a lot of classes that provide valuable information about a system, e.
Continue reading →
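A basic host reconnaissance pass of the kind this part covers, as an added PowerShell example that is not code from the original post. It uses the CIM cmdlets over one reused session so that every query hits the same host; $Target is a hypothetical host name, and the root\SecurityCenter2 namespace queried at the end only exists on client editions of Windows (an assumption, so that query is wrapped in a try/catch):

```powershell
# Added example, not from the original post. $Target is a hypothetical host name;
# the root\SecurityCenter2 query assumes a client OS.
param([string]$Target = $env:COMPUTERNAME)
$s = New-CimSession -ComputerName $Target     # reused for all queries (WinRM by default)

$os   = Get-CimInstance -CimSession $s -ClassName Win32_OperatingSystem
$cs   = Get-CimInstance -CimSession $s -ClassName Win32_ComputerSystem
$bios = Get-CimInstance -CimSession $s -ClassName Win32_BIOS

# One summary object per host: easy to export and compare across many targets
[pscustomobject]@{
    Host         = $cs.Name
    Domain       = $cs.Domain
    PartOfDomain = $cs.PartOfDomain
    OS           = "$($os.Caption) $($os.Version) (build $($os.BuildNumber), $($os.OSArchitecture))"
    InstallDate  = $os.InstallDate
    LastBoot     = $os.LastBootUpTime          # long uptime often means unpatched
    LoggedOnUser = $cs.UserName                # interactive console user, if any
    BIOS         = "$($bios.Manufacturer) $($bios.SMBIOSBIOSVersion)"
}

# Members of the local Administrators group (by well-known SID, so it works on any locale),
# resolved through the Win32_GroupUser association instead of 'net localgroup'
$admins = Get-CimInstance -CimSession $s -ClassName Win32_Group `
    -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
Get-CimAssociatedInstance -InputObject $admins -Association Win32_GroupUser |
    Select-Object Name, Domain, SID

# Active network configuration: addresses, gateways and DNS servers hint at reachable subnets
Get-CimInstance -CimSession $s -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    Select-Object Description, IPAddress, DefaultIPGateway, DNSServerSearchOrder

# Registered AV products (client editions only; the namespace is absent on servers)
try {
    Get-CimInstance -CimSession $s -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct |
        Select-Object displayName, productState
} catch { Write-Warning "root\SecurityCenter2 not available on $Target" }

Remove-CimSession $s
```

The group-membership lookup deliberately filters on the SID rather than the name "Administrators" because the group is localized on non-English systems; resolving members of a local group that contains domain accounts can be slow, as the provider has to contact a domain controller for each one.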

Offensive WMI - Interacting with Windows Registry (Part 3)

This is the third instalment of the “Offensive WMI” series (the 2nd is here), and this blog focuses on interacting with the Windows Registry. A useful thing to know before we start: MITRE ATT&CK classifies querying of registry values under T1012 (Query Registry) and their modification under T1112 (Modify Registry). Let's dive in.
What is the Windows Registry?
In simple terms, the registry is a database that stores configuration settings and options of the operating system: the kernel, device drivers, services, the SAM, the user interface and third-party applications all make use of the registry.
Continue reading →
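Reading and writing the registry over WMI, as an added PowerShell example that is not code from the original post. It uses the StdRegProv class (present in root\cimv2 and root\default) through Invoke-CimMethod, which is what makes this usable against a remote host without the Remote Registry service. The hive handles are the documented StdRegProv constants; the demo key HKCU\Software\WmiDemo and the $Target host name are hypothetical, and the write/delete at the end only touches that demo key:

```powershell
# Added example, not from the original post. $Target and HKCU\Software\WmiDemo are hypothetical.
param([string]$Target = $env:COMPUTERNAME)

# StdRegProv hive handles (documented constants)
$HKCU = [uint32]2147483649   # 0x80000001
$HKLM = [uint32]2147483650   # 0x80000002

$common = @{ ComputerName = $Target; Namespace = 'root\cimv2'; ClassName = 'StdRegProv' }

# Every StdRegProv method reports success through ReturnValue (0 = OK, else a Win32 error code),
# so wrap the call and fail loudly instead of silently returning nothing.
function Invoke-Reg([string]$Method, [hashtable]$Args) {
    $r = Invoke-CimMethod @common -MethodName $Method -Arguments $Args
    if ($r.ReturnValue -ne 0) { throw "$Method failed with Win32 error $($r.ReturnValue)" }
    return $r
}

# --- T1012 Query Registry ---------------------------------------------------------
# Read a single string value
$os = Invoke-Reg GetStringValue @{ hDefKey = $HKLM
    sSubKeyName = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'; sValueName = 'ProductName' }
"Product: $($os.sValue)"

# Enumerate the values under a key: EnumValues returns parallel sNames/Types arrays
$run = Invoke-Reg EnumValues @{ hDefKey = $HKLM
    sSubKeyName = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
for ($i = 0; $i -lt $run.sNames.Count; $i++) {
    $v = Invoke-Reg GetStringValue @{ hDefKey = $HKLM
        sSubKeyName = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; sValueName = $run.sNames[$i] }
    "Run: $($run.sNames[$i]) = $($v.sValue)"
}

# Enumerate subkeys (e.g. installed services)
$svc = Invoke-Reg EnumKey @{ hDefKey = $HKLM; sSubKeyName = 'SYSTEM\CurrentControlSet\Services' }
"Service keys: $($svc.sNames.Count)"

# --- T1112 Modify Registry --------------------------------------------------------
# CreateKey is idempotent; then write and read back a value, then clean up the demo key
$demo = 'Software\WmiDemo'
Invoke-Reg CreateKey      @{ hDefKey = $HKCU; sSubKeyName = $demo } | Out-Null
Invoke-Reg SetStringValue @{ hDefKey = $HKCU; sSubKeyName = $demo; sValueName = 'Marker'; sValue = 'written-via-wmi' } | Out-Null
$back = Invoke-Reg GetStringValue @{ hDefKey = $HKCU; sSubKeyName = $demo; sValueName = 'Marker' }
"Read back: $($back.sValue)"
Invoke-Reg DeleteKey      @{ hDefKey = $HKCU; sSubKeyName = $demo } | Out-Null
```

Note that a remote Invoke-CimMethod against StdRegProv runs under the caller's credentials inside the WMI service (WmiPrvSE.exe) on the target, so a read of HKLM needs only a user token while writes under HKLM need local admin; defenders watching for T1112 should expect the write to show up as WmiPrvSE, not powershell.exe, touching the key.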

Offensive WMI - Exploring Namespaces, Classes & Methods (Part 2)

This blog post is the second part of the “Offensive WMI” series (the first is here), and it focuses on the three major WMI components we deal with most: namespaces, classes and methods. Throughout the article we use the WMI and CIM cmdlets interchangeably so that we're well-versed with both cmdlet types.
Namespaces
Let's recall what namespaces are in simple terms: a namespace organizes information similar to folders in a filesystem.
Continue reading →
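Walking the three components this part covers, as an added PowerShell example that is not code from the original post. It recurses the namespace tree through the __NAMESPACE system class, lists the classes and methods of one namespace, and shows the same namespace query in both the CIM and the older WMI cmdlet style; the Get-WmiObject line assumes Windows PowerShell 5.1, since that cmdlet is absent from PowerShell 7:

```powershell
# Added example, not from the original post. Assumes a local Windows host;
# the Get-WmiObject call assumes Windows PowerShell 5.1.

# Namespaces nest like folders: each one lists its children as __NAMESPACE instances
function Get-WmiNamespaceTree {
    param([string]$Root = 'root', [int]$Depth = 0)
    ('  ' * $Depth) + $Root
    foreach ($child in Get-CimInstance -Namespace $Root -ClassName __NAMESPACE -ErrorAction SilentlyContinue) {
        Get-WmiNamespaceTree -Root "$Root\$($child.Name)" -Depth ($Depth + 1)
    }
}
Get-WmiNamespaceTree        # root, root\cimv2, root\default, root\SecurityCenter2 (clients), ...

# Same top-level query, WMI style vs. CIM style
Get-WmiObject  -Namespace root -Class     __NAMESPACE | Select-Object -ExpandProperty Name
Get-CimInstance -Namespace root -ClassName __NAMESPACE | Select-Object -ExpandProperty Name

# Classes: the ones an attacker cares about in root\cimv2 are mostly Win32_*; abstract
# CIM_* classes are the base types they derive from
Get-CimClass -Namespace root\cimv2 -ClassName 'Win32_*' |
    Where-Object { $_.CimClassMethods.Count -gt 0 } |
    Select-Object CimClassName, @{ n = 'Methods'; e = { $_.CimClassMethods.Name -join ', ' } } |
    Sort-Object CimClassName | Select-Object -First 15

# Methods: static ones (like Win32_Process.Create) are invoked on the class, instance
# ones (like Win32_Process.Terminate) on an object. The qualifiers tell them apart.
$proc = Get-CimClass -Namespace root\cimv2 -ClassName Win32_Process
$proc.CimClassMethods | ForEach-Object {
    [pscustomobject]@{
        Method = $_.Name
        Static = [bool]($_.Qualifiers['Static'])
        Params = ($_.Parameters.Name -join ', ')
    }
}
```

The Static qualifier is the practical distinction: a static method is called with Invoke-CimMethod -ClassName, an instance method with Invoke-CimMethod -InputObject on an instance you first retrieved, which is why the later parts of the series fetch a process or registry object before acting on it.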