HTB: Derailed https://0xdf.gitlab.io/2023/07/22/htb-derailed.html
0xdf hacks stuff
HTB: Derailed
Derailed starts with a Ruby on Rails web notes application. I’m able to create notes, and to flag notes for review by an admin. The general user input is relatively locked down as far as cross site scripting, but I’ll find a buffer overflow in the webassembly…
EJS, Server side template injection RCE (CVE-2022-29078) - writeup https://eslam.io/posts/ejs-server-side-template-injection-rce/
Eslam Salem blog
EJS, Server side template injection RCE (CVE-2022-29078) - writeup
Note: The objective of this research or any similar research is to improve the security level of the Node.js ecosystem.
Recently I was working on a related project using one of the most popular Node.js templating engines, Embedded JavaScript templates - EJS
In my…
chonked pt.1: minidlna 1.3.2 http chunk parsing heap overflow (cve-2023-33476) root cause analysis https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
hyprblog
chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow (CVE-2023-33476) Root Cause Analysis
first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.
Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
chonked pt.2: exploiting cve-2023-33476 for remote code execution https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
hyprblog
chonked pt.2: exploiting cve-2023-33476 for remote code execution
second part in a two-part series going over a heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of the steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.
Why are the module timestamps in Windows 10 so nonsensical? https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705
Microsoft News
Why are the module timestamps in Windows 10 so nonsensical?
They're really a uniqueness identifier.
One LFI bypass to rule them all (using base64) https://matan-h.com/one-lfi-bypass-to-rule-them-all-using-base64/
Matan-h
One LFI bypass to rule them all (using base64)
bypass most PHP filters using only base64
Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463 https://jhalon.github.io/chrome-browser-exploitation-3/
Jack Hacks
Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463
Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an introduction to browser internals and delve into the topic of Chrome browser exploitation on Windows in greater…
Introduction to Cross-Site Leaks (XS-Leaks) – Attacks and Mitigations https://cybercx.co.nz/blog/cross-site-leaks-attacks/
CyberCX
Introduction to Cross-Site Leaks (XS-Leaks) - Attacks and Mitigations
This article explains what Cross-Site Leaks (XS-Leaks or XSLeaks) are, as well as providing an example attack, along with mitigation options for application developers and systems administrators.
Tales of two security issues in cryptocurrency software wallets https://www.blazeinfosec.com/post/vulnerabilities-crypto-wallets/
Blaze Information Security
Tales Of Security Issues In Cryptocurrency Software Wallets
This post discusses security concerns and two vulnerabilities in Harmony and oByte, two browser extensions that serve as cryptocurrency software wallets.
'FraudGPT' Malicious Chatbot Now for Sale on Dark Web https://www.darkreading.com/threat-intelligence/fraudgpt-malicious-chatbot-for-sale-dark-web
Dark Reading
'FraudGPT' Malicious Chatbot Now for Sale on Dark Web
The subscription-based, generative AI-driven offering joins a growing trend toward "generative AI jailbreaking" to create ChatGPT copycat tools for cyberattacks.
Cryptojacking: Understanding and defending against cloud compute resource abuse https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/
Microsoft News
Cryptojacking: Understanding and defending against cloud compute resource abuse
Cloud cryptojacking uses computing power to mine cryptocurrency and could result in financial loss to targeted organizations.
Unicode characters to Bypass Security Checks https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checks
Query Chronicles
Unicode characters to Bypass Security Checks
Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html
Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You https://emily.id.au/tailscale
emily.id.au
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
TL;DR Recommendations
Escaping the Google kCTF Container with a Data-Only Exploit https://h0mbre.github.io/kCTF_Data_Only_Exploit/
The Human Machine Interface
Escaping the Google kCTF Container with a Data-Only Exploit
Introduction I’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real…
CVE-2023-28130 – Command Injection in Check Point Gaia Portal https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal//
Pentests
CVE-2023-28130 - Command Injection in Check Point Gaia Portal
Pentests.nl has discovered a vulnerability in Check Point Gaia Portal which could be exploited to execute code on the underlying system.
Pre-authenticated RCE in VMware vRealize Network Insight (CVE-2023-20887) https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
Summoning Team
Pre-authenticated RCE in VMware vRealize Network Insight
An interesting case of Pre-authenticated RCE in VMware vRealize Network Insight (CVE-2023-20887)
Gazavat / Expiro DMSniff connection and DGA analysis https://medium.com/walmartglobaltech/gazavat-expiro-dmsniff-connection-and-dga-analysis-8b965cc0221d
Medium
Gazavat / Expiro DMSniff connection and DGA analysis
By: Jason Reaves and Joshua Platt