Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1) #PHPexploit #glibcbug #RCEvulnerability #PHPfilters https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Ambionics
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
A few months ago, I stumbled upon a 24-year-old buffer overflow in the glibc, the base library for Linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway…
Everyday Ghidra: Symbols — Automatic Symbol Acquisition with Ghidra — Part 2 #EverydayGhidra #SymbolAcquisition #ConfiguringGhidra #RemoteSymbolServers #ReverseEngineering https://medium.com/@clearbluejar/everyday-ghidra-symbols-automatic-symbol-acquisition-with-ghidra-part-2-bf9033a35b39
Medium
Everyday Ghidra: Symbols — Automatic Symbol Acquisition with Ghidra — Part 2
This post, another lesson from the “Everyday Ghidra” series, walks through the process of configuring Ghidra to automatically download…
Check Point - Wrong Check Point (CVE-2024-24919) #CheckPoint #CVE-2024-24919 #SSLVPN #PathTraversal #ArbitraryFileRead https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
watchTowr Labs
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze.
Check Point, for those unaware, is the…
Hunting bugs in Nginx JavaScript engine (njs) #bughunting #Nginx #JavaScript #vulnresearch #CTF https://0xbigshaq.github.io/2024/05/24/njs-vr-bugs/
( ͡◕ _ ͡◕)👌
Hunting bugs in Nginx JavaScript engine (njs)
Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938 #AndroidBinder #VulnerabilityAnalysis #Exploitation #AndroidSecurity #RootPrivilege https://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938/
Withgoogle
Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938 - Android Offensive Security Blog
At OffensiveCon 2024, the Android Red Team gave a presentation (slides) on finding and exploiting CVE-2023-20938, a use-after-free vulnerability in the Android Binder device driver. This post will provide technical details about this vulnerability and how…
CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X #Fortinet #FortiClient #Exploit #CVE-2023-48788 #Horizon3.ai https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-revisiting-fortinet-forticlient-ems-to-exploit-7-2-x/
Horizon3.ai
CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X
Revisiting CVE-2023-48788, a SQL injection in Fortinet FortiClient EMS Server. This blog details bypassing several restrictions to achieve arbitrary command execution as SYSTEM.
Securing the Building Blocks: A Deep Dive into Dependency Security #DependencySecurity #VettingDependencies #MaliciousCodeRisk #SecureYourProject #ReduceExposure https://www.devsecurely.com/blog/2023/11/securing-the-building-blocks-a-deep-dive-into-dependency-security
Devsecurely
Securing the Building Blocks: A Deep Dive into Dependency Security | Devsecurely
When the foundations break, the building crumbles. Applications are no different. When building an application, you need to choose the best building blocks. They need to be durable and...
SLE(A)PING Issues: SWAPPALA and Reflective DLL Friends Forever #SleapingIssues #SWAPPALA #ReflectiveDLL #SleepingTechnique #InMemorySleeping https://oldboy21.github.io/posts/2024/06/sleaping-issues-swappala-and-reflective-dll-friends-forever/
oldboy21.github.io
SLE(A)PING Issues: SWAPPALA and Reflective DLL Friends Forever
Here we go again, hello everyone! Sorry I am on a roll this period, can’t really sle(a)p well when I have something still to solve and I had some leftovers from the previous SWAPPALA adventure.
What are we going to talk about today?
Well, lots of failures but…
Malware Development, Analysis and DFIR Series #MalwareDevelopment #MalwareAnalysis #DFIR #MemoryModels #AddressTranslation https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20III/
azr43lkn1ght.github.io
Malware Development, Analysis and DFIR Series - Part III
Delve into Windows memory internals! Here is the 3rd post of the Malware Development, Analysis and DFIR Series.
Analysis of CVE-2024-27348 Apache HugeGraph #CVE202427348 #ApacheHugeGraph #PenetrationTesting #SecurityAudit #GremlinExploitation https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Analysis of CVE-2024-27348 Apache HugeGraph
CVE-2024-27348 is a Remote Code Execution (RCE) vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and...
CVE-2022-2586 Writeup #LinuxKernel #CVE-2022-2586 #ExploitDevelopment #VulnerabilityResearch #KPTIBypass https://www.jmpeax.dev/CVE-2022-2586-writeup.html
[EN] Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool #TimeBasedSecrets #SandwichAttack #ResetTolkien #Vulnerabilities #PythonTool https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html
Some policies of my research #researchpolicies #academia #healthandwellness #writingprocess #knowledge-sharing #compassion https://backscattering.blog/2024/03/31/some-policies-of-my-research/
Uncovering a Critical Vulnerability in Authentik's PKCE Implementation (CVE-2023-48228) #VulnerabilityUncovered #AuthentikCVE #PKCEFlaw #SecurityImprovements #SSOProviderIssues https://www.offensity.com/en/blog/uncovering-a-critical-vulnerability-in-authentiks-pkce-implementation-cve-2023-48228/
Offensity
Uncovering a Critical Vulnerability in Authentik's PKCE Implementation (CVE-2023-48228) | Offensity
Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities
Bypassing Veeam Authentication CVE-2024-29849 #VeeamAuthBypass #CVE202429849 #TeamTraining #Exploits #Advisories https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
Summoning Team
Bypassing Veeam Authentication CVE-2024-29849
An interesting authentication bypass exploit in Veeam Backup Enterprise Manager
Finding the slab cache for each object in Linux kernel using static analysis #LinuxKernel #StaticAnalysis #SlabCache #Clang #llvmorg13.0.1 https://albocoder.github.io/exploitation/linux%20kernel/2024/06/09/KernelStaticAnalysis.html
Erin Avllazagaj
Finding the slab cache for each object in Linux kernel using static analysis
The State of Go Fuzzing - Did we already reach the peak? #GoFuzzing #StateOfTheArt #NativeFuzzing #ToolingLandscape #FuzzingEcosystem https://0x434b.dev/the-state-of-go-fuzzing-did-we-already-reach-the-peak/
Low-level adventures
The State of Go Fuzzing - Did we already reach the peak?
During one of the recent working days, I was tasked with fuzzing some Go applications. That's something I had not done in a while, so my first course of action was to research the current state of the art of the tooling landscape. After like a couple of hours…
Thecus NAS Firmware Decryption #FirmwareDecryption #ThecusNAS #DES-CBC #LegacyCiphers https://starkeblog.com/cryptography/firmware/2024/06/11/thecus-nas-firmware-decrypt.html
A Visual Guide to Pointer Analysis with cclyzer++: Part 1 #Galois #PointerAnalysis #cclyzer++ #VisualGuide #StaticAnalysis https://galois.com/blog/2022/08/cclyzer/
There are no Secrets || Exploiting Veeam CVE-2024-29855 #VeeamCVE #AuthenticationBypass #Exploits #TokenGeneration #TokenValidation https://summoning.team/blog/veeam-recovery-orchestrator-auth-bypass-cve-2024-29855/
Summoning Team
There are no Secrets || Exploiting Veeam CVE-2024-29855
This vulnerability is due to the fact that the JWT secret used to generate authentication tokens was a hardcoded value, which means an unauthenticated attacker can generate valid tokens for any user (not just the administrator) and log in to the Veeam Recovery…