Because knowledge is sharing.
08/03/2022
Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
By polict
16/02/2021
Hunting for bugs in Telegram’s animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
By zi0black
02/11/2020
Re-discovering a JWT Authentication Bypass in ServiceStack
ServiceStack version 5.9.2 almost silently patched a vulnerability that allowed the JWT signature to be bypassed.
By polict
28/07/2020
Sometimes they come back: exfiltration through MySQL and CVE-2020-11579
Walkthrough and exploitation of MySQL LOCAL INFILE accompanied by the release of a new open-source tool to exploit similar vulnerabilities.
By smaury
27/04/2020
The Keybase client allowed injecting arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and macOS.
By thezero
20/04/2020
NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air
Security analysis of the SmartConfig protocol by Espressif and release of the NotSoSmartConfig tool, which can retrieve WiFi credentials from a PCAP.
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDEs and editors was affected by an XXE that led to RCE, exploitable by just opening an XML file.
By thezero
19/10/2019
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.
By smaury
13/04/2019
Exploiting Apache Solr through OpenCMS
Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect to read arbitrary files from the OpenCMS server.