Category Archives: Tools

Office365 ActiveSync Username Enumeration

Summary There is a simple username enumeration issue in Office365’s ActiveSync, Microsoft do not consider this a vulnerability so Sec-1 do not expect this issue to be fixed. Sec-1 Penetration Tester Oliver Morton has written a script to exploit this which is … Continue reading

Posted in Advisories, Tools | Tagged , , , | Comments Off on Office365 ActiveSync Username Enumeration

Veritas NetBackup Appliance Unauthenticated Remote Command Execution

Sec-1 Security Advisory Severity : High Advisory Name : Veritas NetBackup Appliance Unauthenticated Remote Command Execution Discovery Date : 17/05/2016 Release Date : 04/10/2016 Application : NetBackup Appliance versions 2.6.0.1 through to v2.7.3, and the v3.0 series Platform : Linux … Continue reading

Posted in Advisories, Tools | Comments Off on Veritas NetBackup Appliance Unauthenticated Remote Command Execution

Hunting HTML 5 postMessage Vulnerabilities

Download Paper: Hunting postMessage Vulnerabilities Download Sample Code: sample code Sec-1 Ltd partnered with AppCheck.com to undertake a research project investigating the security challenges posed by next generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided … Continue reading

Posted in News, Tools, White Papers | Comments Off on Hunting HTML 5 postMessage Vulnerabilities

Tool: Group Policy Passwords Exploit Tool – gp3finder

Group Policy preferences were introduced by Microsoft in Windows 2008 allowing administrators to configure unmanaged settings (settings which the user can change) from a centrally managed location – Group Policy Objects (GPO) [1]. Among the preference items configurable through Group Policy … Continue reading

Posted in Tools | Comments Off on Tool: Group Policy Passwords Exploit Tool – gp3finder

Helping the Community

One of the things we like to do at Sec-1 is contribute back to the community wherever possible. As full time Penetration Testers, we often perform Research and Development to identify new vulnerabilities, adding checks to our scanning tools to help organisations highlight areas … Continue reading

Posted in News, Tools | Comments Off on Helping the Community

ShareCheck Windows Enumeration Tool v2.0

Sec-1 ShareCheck was written during a penetration test to assess a given IP Address range for weak file share permissions Continue reading

Posted in Tools | 2 Comments