A complete backup of foxglovesecurity.com


* A SHEEP IN WOLF’S CLOTHING
* WHY DOS ISN’T COMPROMISE – 5 Years of Real Penetration Test Data to Stand Behind
* HOT POTATO – WINDOWS PRIVILEGE ESCALATION
* What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
* FINDING PEARLS; FUZZING CLAMAV
* ROTTEN POTATO

ABUSING TOKEN PRIVILEGES FOR WINDOWS LOCAL PRIVILEGE

By @dronesec and @breenmachine

This is a project my friend drone and I have been poking at for quite some time and are glad to finally be releasing. As the title implies, we're going to be looking at leveraging Windows access tokens with the goal of local privilege escalation. For those familiar with some

HACKING JASPERREPORTS

The purpose of JasperReports is to pull in data from various sources (databases, XML, flat files, etc.), aggregate it in some way, and spit out a pretty report based on some sort of user-defined template. Templates in JasperReports are defined in “JRXML” files that can be uploaded by any user allowed to create or edit reports.

THE TEAM - FOXGLOVESECURITY.COM

Justin Kennedy - @jstnkndy

Justin Kennedy is a Research Consulting Director at Atredis Partners. By day, he performs penetration testing and red teaming for organizations in all verticals; by night, he participates in bug bounties and performs research. Justin's background includes systems administration, network defense, and being mischievous.

CAR HACKING FOR PLEBS

By @breenmachine

How bad web applications affect the security of your vehicle

Update - 03 Nov 2015: After publishing this post, it came to our attention that a number of other researchers had identified and reported the exact same vulnerability. Despite this, the fix still took well over a year. This demonstrates a typical failure

FOXGLOVESECURITY.COM

By @breenmachine

Sometimes the marketing department goes a little too far. Most of us who work in security have been there: non-technical people enthusiastic about selling the technical features of your product or service sometimes need to be reined in.

MONTH: SEPTEMBER 2016

1 post published by breenmachine during September 2016

WHEN WHALES FLY

Because we are going to share our wireless adapter with a docker container, we still need to do this step. In my case, it’s as simple as running the following on the host OS:

~$ sudo nmcli nm wifi off
~$ sudo rfkill unblock wlan
~$ sudo ifconfig wlan0 10.0.0.1/24 up

Finally, we are ready to

DAY: NOVEMBER 6, 2015

1 post published by breenmachine on November 6, 2015

TYPE JUGGLING AND PHP OBJECT INJECTION, AND SQLI, OH MY!

While looking for bugs in a target recently I came across a host that was running Expression Engine, a content management platform. This specific application caught my eye because upon attempting to log in to the application with the username ‘admin’, the server responded with a cookie


FUZZING WORKFLOWS; A FUZZ JOB FROM START TO FINISH

By @BrandonPrry

Many people have garnered an interest in fuzzing in recent years, with easy-to-use frameworks like American Fuzzy Lop showing incredible promise and a (relatively) low barrier to entry. Many websites on the internet give brief introductions to specific features of AFL, how to start fuzzing a given piece of software, but never

WHY DOS ISN’T COMPROMISE

By @jstnkndy

What is this and why might I care?

Verizon recently released their annual Data Breach Investigations Report (DBIR) which contains a list of "the top 10 vulnerabilities accounting for 85% of successful exploit traffic". As someone who makes their living actually breaking into organizations, I was interested in checking out the top 10

FINDING PEARLS; FUZZING CLAMAV

By @brandonprry

Previously, I wrote about the general workflow to follow if you wanted to seriously begin fuzzing applications, while covering fuzzing a small YAML library. In this post, we will cover taking that workflow and applying it in real life to the open-source antivirus project ClamAV. This fuzz job was literally months in the

ROTTEN POTATO

By @breenmachine

This past Friday, myself and my partner in crime, Chris Mallz (@vvalien1) spoke at DerbyCon about a project we've been working on for the last few months. For those interested in watching the talk, it's online here and the code is available on the FoxGlove Security GitHub page. This blog post is going to

ABOUT FOXGLOVE SECURITY

FoxGlove Security is a top-tier team of information security professionals. Our team specializes in high end penetration testing and red teaming scenarios, simulating the actions of real, advanced attackers. Unlike many competitors, our assessment doesn't stop when access is obtained. We simulate the actions of an attacker attempting to persist in your network, going after

A SHEEP IN WOLF’S CLOTHING

The video is full of not-so-subtle hints that HP’s printers are secure and buying a non-HP printer is bordering on criminally negligent. For example, the opening sequence, white text on black background states “There are hundreds of millions of business printers in the world.

WHEN WHALES FLY

Docker has surged in popularity over the last couple of years and is not showing any signs of slowing down. In case you have been living in the bottom of the ocean and missing out on all of the Docker action, you can think of Docker instances as a BSD jail or chroot environment on steroids, but not quite a full on virtual machine.


* Posted on November 20, 2017 / November 21, 2017: A SHEEP IN WOLF’S CLOTHING – FINDING RCE IN HP’S PRINTER FLEET
* Posted on August 25, 2017: ABUSING TOKEN PRIVILEGES FOR WINDOWS LOCAL PRIVILEGE ESCALATION
* Posted on February 7, 2017 / February 8, 2017: TYPE JUGGLING AND PHP OBJECT INJECTION, AND SQLI, OH MY!
* Posted on October 14, 2016: HACKING JASPERREPORTS – THE HIDDEN SHELL FEATURE
* Posted on September 26, 2016: ROTTEN POTATO – PRIVILEGE ESCALATION FROM SERVICE ACCOUNTS TO SYSTEM
* Posted on June 13, 2016 / June 16, 2016: FINDING PEARLS; FUZZING CLAMAV
* Posted on May 10, 2016: WHY DOS ISN’T COMPROMISE – 5 YEARS OF REAL PENETRATION TEST DATA TO STAND BEHIND
* Posted on March 15, 2016: FUZZING WORKFLOWS; A FUZZ JOB FROM START TO FINISH
* Posted on February 24, 2016 / August 11, 2016: WHEN WHALES FLY – BUILDING A WIRELESS PENTEST ENVIRONMENT USING DOCKER
* Posted on January 16, 2016: HOT POTATO – WINDOWS PRIVILEGE ESCALATION
