Posts

Pentesting Adobe Experience Manager in 2024

AEM is well-known in bug bounty programs. While Adobe frequently releases new CVEs (though they are mainly undisclosed XSS vulnerabilities) through its private bug bounty program, no new AEM exploits have appeared on the market. However, as pentesters working under NDAs, we still encounter these applications for regular checks, and we must pay close attention to every little detail to produce valuable and interesting reports. Here I describe my approach to AEM pentesting, conducted mainly on production hosts. At the time of writing the newest version is 6.5.21.0 with no known CVEs: list. Google dork for AEMs: inurl:/libs/granite/core Contents: aem-hacker Testing for SSRF WCM Debug Filter Vulnerable JavaScript libraries Information disclosure Files Bypass techniques Reflected XSS (2021) HTML Injection Summary I will update this post in the future with more examples. aem-hacker Always start with the toolset called aem-hacker. Though it was developed 6 years ago and the vulnerab...

Analysing How Malware Is Hidden In Cheating Software

This is the first blog post of my amateur research into free cheating programs available on code-sharing platforms. We can often find repositories which contain just an ad for the developer's website, where wannabe cheaters must pay before downloading anything. I check the repos where the authors release small chunks of code as a method to deceive players who will actually become targets of Trojans. I find free cheating software to be a great source of malware samples, because one can be sure that cheaters will do anything to gain an advantage over other players, including disabling antivirus and other system protections. This way the malicious file won't be detected or removed from the filesystem; moreover, it will be almost instantly opened. Contents: Sample 1. AsyncRAT Repository Dropper Malware Sample 2. Dropper in SCR file Repository Dropper Malware Sample 3. Lumma Stealer Repository Malware Sample 4. RedLine Stealer Repository Dropper Malware Summary Sample 1. AsyncRAT Rep...

Android App Hacking Setup (Genymotion, Kali, Hyper-V) + FridaLabs

So far, I've used my physical device for Android app testing, but I always found it inconvenient for training. With a new Kali setup, it was a good time to create a virtual Android testing lab. In this post I will describe how to set up my lab and start learning Frida. I use: Genymotion version 3.7.1 (License for Personal Use) on Windows, Hyper-V on Windows 11, Kali version 2024.1, Frida version 16.3.3 on Kali and other tools (Burp, adb, jadx, objection, ...). Note that this is a setup on my private PC; I don't use it for professional purposes. For iOS app testing, I recommend iOS App Testing Through Burp on Corellium by Evan Custodio. Android app hacking setup For the Kali on Hyper-V setup see this page. Let's start with Genymotion. I use this solution for Android virtualization because: It has a license for Personal use with enough functionality. Competitors have some stories about being untrustworthy. Of course Android Studio has to be taken into account when cre...

Installing Kali in Hyper-V for the first time (Win11)

This is a brief manual of my Hyper-V setup, written for other hackers who, like me, have been using VirtualBox/VMware their whole career and are not much interested in preparing advanced settings. Generally, using Hyper-V for the first time is eye-opening. The experience is much different but, after a while, everything becomes intuitive. I'm using Windows 11 Pro and a Kali VM. Enable Hyper-V virtualization Hyper-V can't be downloaded from the Internet; it must be enabled on your PC, and it will download itself automatically. Follow Microsoft's instructions: Step-By-Step: Enabling Hyper-V for Use on Windows 11 Recap: Win+R -> appwiz.cpl -> Turn Windows features on or off -> Hyper-V -> OK -> restart First look The left-hand panel displays available physical servers - in this case "ROSEMARY" is just the name of my PC. Your PC will be the only option unless you want to connect to remote servers. The Virtual Machines panel contains a list of your VMs, and if you click one, the pane...

Writing a Professional Penetration Testing Report

As penetration testers, we can't escape writing penetration test reports, no matter how inexperienced or experienced we are. Each vulnerability should be properly classified, described, and friendly to any reader, technical or non-technical. In this series I will share with you my knowledge about how to write a professional report. Part 1: Report sections Let's take a look at this graphic: The biggest chunk of the report should always be the Technical details, where the vulnerabilities are described. The order of the summary, RoE, list of findings and technical details can be flexible, as long as it's rational. The title page should consist of: Name/Logo of the company doing the test Name/Logo of the Client Test period Version/ID of the report Confidentiality level Optional: any disclaimer to the confidentiality classification Optional: personal names of the testers Optional: screenshot of the test subject Let's not merge the Title page with the Table of contents, okay? Gener...