Abdulrahman Nour

Offensive security engineer at Redforce   •   https://twitter.com/aboodnour

Attacking Helpdesks - Part 1: DeskPro

Attacking HelpDesks Part 1: RCE Chain on DeskPro, with Bitdefender as a Case Study

We decided to look at the most popular on-premise helpdesk solutions. In this article we explain how we managed to find and exploit multiple vulnerabilities that eventually lead to remote code execution (RCE) at DeskPro software utilized by thousands of organizations using Bitdefender and Freelancer Inc in a case study. No full exploit is currently available, but steps can be easily reproduced and used to build one.
Web Security   •   March 28, 2020   •   15 min read
DUMPit - The new SHAREit Vulnerability

SHAREit Multiple Vulnerabilities Enable Unrestricted Access to Adjacent Devices’ Files

Two recently discovered vulnerabilities affecting SHAREit Android application <= v 4.0.38. The first one allows attacker to bypass SHAREit device authentication mechanism, and the other one enables authenticated attacker to download arbitrary files from user's device. Both vulnerabilities were reported to the vendor and patches have been released.

Mobile Penetration Testing   •   February 25, 2019   •   17 min read