Showing 3 results for: March 2014 ×Penetration Testing ×

An Intro to NetSupport Manager Scripts

On a recent gig I was hit with hundreds of hosts running a service on port TCP 5405, the NetSupport remote management application. Running a version port scan on them revealed nothing more than: 5405/tcp open netsupport NetSupport PC remote...

Old School Code Injection in an ATM .dll

During our last ATM review engagement, we found some interesting executable files that were run by Windows Services under Local System account. These binaries had weak file permissions that allowed us to modify them using the standard ATM user account....