Toggle menu
Corporate 25 May 2018
Ultimate Cyber Security Guide For Businesses

For today’s executives, senior managers, and entrepreneurs, the online world offers amazing opportunities to connect with new customers, open up in brand new markets, and empower their employees to innovate and to reach their full potential. A lot of what happens in business today is, quite frankly, unimaginable to the generations of executives, senior managers, […]

Corporate 19 May 2018
What To Look For In An Effective Penetration Test

As the profile of penetration testing grows, a wider variety of service options and providers are entering the marketplace. This gives businesses more choice when deciding on the package to pick. But not all penetration tests are created equal, so here are a few things to look out for to help you select the most […]

Research 27 April 2018
DLink DCS-5020L Day n’ Night Camera Remote Code Execution Walkthrough

Description “The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to see a wider area with a single camera, built-in Wi-Fi […]

Research 26 April 2018
TPLink TLWR740n Router Remote Code Execution

Introduction In October of 2017 we disclosed multiple vulnerabilities in TP-Link’s WR940n router that occurred due to multiple code paths calling strcpy on user controllable unsanitised input (CVE-2017-13772) The httpd binary responsible for these vulnerabilities contained patterns of code that looked similar to the following: At the time of disclosure, there were around 7000 of […]

Research 25 April 2018
Suspicious Activity Is Being Detected?… Right?…

Introduction A few days ago I received a message from a friend who had just had his Deliveroo (food delivery service in the UK) account compromised and someone in London had used it to order a copious amount of food and alcohol; brazen, I know. The interesting part of this story is my friend was […]

Research 19 March 2018
Unauthenticated Start of Telnetd on Tenda AC15 Router

Introduction We previously showed how the Tenda AC15 router was vulnerable to an unauthenticated remote code execution vulnerability via a stack based buffer overflow. Writing exploits like that can be incredibly interesting, but sometimes, all you need is a GET request to get root. In this post we will outline another vulnerability that allows an […]

Research 19 March 2018
Hard Coded Accounts in the Tenda AC15 Router – CVE-2018-5768

Introduction The Tenda AC15 router was found to contain a variety of unnecessary accounts that contain incredibly weak passwords. Note that these accounts do not allow access to the web interface, but are also not configurable from said interface. This means that without access to the device (such as telnet or ssh), a user cannot […]