-
Extraction Agent and Firewall: Software vs. Hardware
Using a firewall is essential to secure the installation of the extraction agent when performing low-level extraction from a variety of iOS devices. We developed two solutions: a software-based firewall for macOS and a hardware-based firewall using a Raspberry Pi (or similar microcomputer) with our own custom firmware. This guide will help you choose the…
-
Intelligent Load Balancing: Optimizing Password Recovery Across Heterogeneous Units
In the latest update of Elcomsoft Distributed Password Recovery (EDPR), we’ve introduced a revamped load-balancing feature. The new feature aims to enhance resource utilization on local workstations across diverse hardware configurations. This update has drastically reduced the time required to break passwords in certain hardware configurations, thanks to a refined load distribution algorithm. In this…
-
When Speed Matters: Imaging Fast NVMe Drives
Modern NVMe SSDs require specialized approaches for forensic analysis. Each year, the speed and capacity of these devices grow, presenting significant challenges related to both the speed and reliability of transferring large volumes of data when capturing disk images. In this article, we will test the imaging of a high-speed Samsung 980Pro NVMe drive with…
-
Outlook Forensic Toolbox Helps Access Deleted Messages
What can a forensic expert find in an Outlook data file? Can they recover deleted emails, contacts and appointments from Microsoft Outlook? Can users erase unwanted correspondence from Outlook? In this article, we’ll demonstrate how experts can recover valuable information from Outlook data files (PST/OST), including deleted emails, contacts, attachments, and appointments. Even when users…
-
Instant Password Removal for Quicken 2024
Advanced Intuit Password Recovery received a major overhaul, adding support for Intuit QuickBooks 2024. For QuickBooks’ annual update, we are excited to provide the complete solution for safe, instant, unconditional password removal. This enhancement addresses a persistent issue in earlier versions, making user management more reliable and efficient for users, IT professionals, and digital forensic…
-
Sideloading Low-Level Extraction Agent with Regular Apple IDs from Windows and Linux
Low-level extraction enables access to all the data stored on the iOS device. Previously, sideloading the extraction agent for imaging the file system and decrypting the keychain required enrolling one’s Apple ID in Apple’s paid Developer Program if one used a Windows or Linux PC. Mac users could utilize a regular, non-developer Apple ID. Today, we…
-
Windows Sockets: From Registered I/O to SYSTEM Privileges
By Luca Ginex. Overview: This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the August 2024 Patch Tuesday. This post describes the exploitation process for the vulnerability. First, we give a general overview of the…
-
Softaculous Webuzo Authentication Bypass
EIP-ce40b086. Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier: Exodus Intelligence EIP-ce40b086; MITRE CVE-2024-24621. Vulnerability Metrics: CVSSv2 Vector AV:N/AC:L/Au:N/C:C/I:C/A:C; CVSSv2 Score 10.0. Vendor References: https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit: Exodus Intelligence. Disclosure Timeline: Disclosed to…
-
Softaculous Webuzo Password Reset Command Injection
EIP-92dd8e27. Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. Vulnerability Identifier: Exodus Intelligence EIP-92dd8e27; MITRE CVE-2024-24622. Vulnerability Metrics: CVSSv2 Vector AV:N/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score 9.0. Vendor References: https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit: Exodus Intelligence. Disclosure Timeline: Disclosed to vendor: July…
-
Softaculous Webuzo FTP Management Command Injection
EIP-4ab5e9b4. Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. Vulnerability Identifier: Exodus Intelligence EIP-4ab5e9b4; MITRE CVE-2024-24623. Vulnerability Metrics: CVSSv2 Vector AV:N/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score 9.0. Vendor References: https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit: Exodus Intelligence. Disclosure Timeline: Disclosed to vendor:…