Jonas Vestberg

The vulnerable code is in RemComSvc, setting an empty DACL on the pipe.

https://github.com/kavika13/RemCom/blob/master/RemComSvc/RemComSvc.cpp#L77

If your psexec session is disrupted before clean-up, the service remains and will expose the target until it is restarted.

Disclosed today at the #Disobey conference - psexec from #impacket exposes the target system for authenticated command execution as SYSTEM. That means any user that can authenticate over the network (usually Domain Users) can run code as SYSTEM over the network.

So next Saturday I'll be dropping some vulns in the #impacket framework as part of my #Disobey talk. If you are using or building services around impacket, watch out for PRs in the following days.

Kinda excited.. the official program for Disobey 2023 is out!

https://disobey.fi/2023/program

#Hacker #event #disobey2023 #cybersecurity

Reposted with alt text because the original DIDN'T HAVE ANY  

I wanted to take a few moments and apologize to many of my former students.

In the past I said the industry needs people who look at security as a vocation and an avocation.

I was wrong.

Have a life outside of this industry.

Have hobbies that have nothing to do with your computer.

Get outside.

The problems of the industry are not problems of people not working hard enough.

They are not problems of people not being "hard core" enough.

They are problems of education and resource prioritization.

I was wrong.

I am sorry.

Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.

We did it again with #LocalPotato!
A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM.
Tracked as #CVE-2023-21746 - Windows NTLM EoP
Soon more details --> http://localpotato.com
cc @splinter_code

Everyday day existentialism
Every parent knows...