A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway…

Extension for Visual Studio Code - Add beautiful diagrams drawn on draw.io to your code
Diagram to Text

A beginner-friendly journey from a memory corruption to a browser pwn.

NOTE: This article is based off the following:

Follow along a journey to find vulnerabilities in the RPC functionaliy of ManageEngine ADAudit

Coordinated disclosure writeup about multiple vulnerabilities in Eclipse ThreadX (CVE-2024-2214, CVE-2024-2212, CVE-2024-2452).

CVE-2024-23108 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.

This post, another lesson from the “Everyday Ghidra” series, walks through the process of configuring Ghidra to automatically download…

Public disclose of CloudTrail bypass vulnerabilities we've found in AWS along with our research on using non-production API endpoints for defense evasion.

Hello everyone! It’s been a while, many things happening and not much time for coding. Hard times. Nonetheless I had little time frames for playing with some stuff I would define cool enough to write some lines about it. Last time we talked about Indirect…

 

In this post we describe a vulnerability we discovered in the Ivanti LanDesk software and how it can be exploited to achieve local privilege escalation via arbitrary code execution.
Ivanti disclosed the vulnerability in their advisory on May 28th 2024…

In March 2024, the Sysdig Threat Research Team. discovered Rebirth - an increasingly popular DDoS-as-a-Service botnet.

Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze.

Check Point, for those unaware, is the…

In this blog, we welcome the return of the LM hash - which is still in use in specific scenarios even if it is explicitly disabled! - and demonstrate how to survive the reset of the krbtgt service account. Our goal is to learn whether it is possible to achieve…

S3 is weirder than you think. Make sure you know all the quirks before they turn into vulnerabilities in your AWS infrastructure.

Powered by Hudson Rock's continuously augmented cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.

Two Moldovan brothers’ companies, Stark Industries Solutions and PQ Hosting, provide technology for Russian propaganda and hacking attacks, a CORRECTIV investigation shows.