Home
A vulnerability in Marvin Test's driver allows local users to use it to write arbitrary data to sensitive areas of the kernel's memory, this can be exploited to gain elevated privileges. As the driver is digitally signed, this can also be used to do post-exploitation privilege escalation.
SSRF vulnerabilities aren't a new threat vector but they're often misunderstood. Here are details about what it is and where it can be found.
Juplink's RX4-1800 WiFi router was found to have multiple vulnerabilities exposing its owners to potential intrusion in their local WiFi network and complete overtake of the device. An attacker can remotely take over a device after using a targeted or phishing attack to change the router's administrative password, effectively locking the owner out of their device.
HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a
While looking at Opera functionalities I stumbled upon the built-in VPN inside the browser and I was able to find a technique that allow an
Discovered by Lilith >_> of Cisco Talos. SUMMARY A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocati...
On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js "netlify-ipx" repository which would allow an attacker to achieve persistent cross-site scripting...
Disclosure of uninitialized memory is one of the common problems faced when copying data across trust boundaries. This can happen between the hypervisor and guest OS, kernel and user space, or across the network. The most common bug pattern noticed among these cases is where a structure or union is
A discussion of modifying and implementing a hidden VFS similar to the Uroburos rootkit, plus a tool we developed as part of our research.
A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.
Strikeout () Blog Loading... Maxwell Dulin Email me! Twitter Github Admin Blog RSS Feed Resources RSS Feed
To properly assess the security of a web application, its important to analyze it with regard to the server it will run on. Many things depend on the server, from processing user requests to the easiest way of achieving RCE. Armed with knowledge about the server, we can identify vulnerabilities in an application and make []
Application security issues found by Assetnote
Posted by Adrian Taylor, Bartek Nowierski and Kentaro Hara on behalf of the MiraclePtr team Memory safety bugs are the most numerous cat...
Framework selection is the first of three common issues organizations face when building or maturing a cybersecurity program.
A real ninja leaves no traces.
I thought I knew all the ways to call functions without parentheses: alert`1337` throw onerror=alert,1337 Function`x${'alert\x281337\x29'}x``` 'alert\x281337\x29'instanceof{[Symbol['hasInstance']]:eva
TL;DR In this post, I present an XSLeak technique that allows an active network attacker to observe, from an insecure Web origin, the presence or absence of some Secure cookie that may have been set by the origin’s secure counterpart.
Cookies' crumbly beginnings Netscape (Lou Montulli, more precisely) invented cookies in 1994 in order to introduce persistent client state in the otherwise stateless Hypertext Transfer Protocol (HTTP). Back in the day, the Web was much more static than it is today.
In my first blog post covering bugs in Ivanti Avalanche, I covered how I reversed the Avalanche custom InfoRail protocol, which allowed me to communicate with multiple services deployed within this product. This allowed me to find multiple vulnerabilities in the popular mobile device management (M
Posted by Jonathan Metzman, Dongge Liu and Oliver Chang, Google Open Source Security Team Recently, OSS-Fuzz our community fuzzing servi...
Flutter applications can be found in security analysis projects or bugbounty programs. Most often, such assets are simply overlooked due to the lack of methodologies and ways to reverse engineer them. I decided not to skip this anymore and developed the reFlutter tool. This article describes the results of my research. Summary The report starts []
Prototype pollution is a vulnerability that exploits inheritance behavior in JavaScript to create malicious instances of data types, which in the right conditions, can result in the execution of attacker-supplied code. Depending on the context, this can have impacts ranging from DOM-based Cross Site Scripting to even Remote Code Execution.
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quintin Crist and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system, originally discovered and reported by the
Memory protections like obfuscation and encryption can serve as local controls to slow an adversary until they are identified and removed.
5 boulevard Montmartre 75002 Paris
Have you ever seen a promising hacking technique, only to try it out and struggle to find any vulnerable systems or non-duplicate findings? In this post, I'll take a concise look at the most effective
Learn how to decrypt Manage Engine Password Manager Pro (PMP) passwords after exploiting CVE-2022-35405.
A vulnerability in the way Linux handles the CONFIG_WATCH_QUEUE allows local attackers to reach a race condition and use this to elevate their privileges to root.
Information about 0-days exploited in-the-wild!
Benefits of a whitebox approach include more analysis, more realistic attack emulations, and potentially deeper vulnerability findings.
I've been hacking browsers for over 15 years and one of the challenges I set myself was to find a SOP bypass or info leak in every major browser. Chrome was the last browser standinguntil now. This p
Information about 0-days exploited in-the-wild!