a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.

Create tar/zip archives that try to exploit zipslip vulnerability. - nodyhub/zipslipper

Introduction Every company establishes processes to identify security vulnerabilities, prioritize them, develop solutions, and, in some cases, strategically accept risk either temporarily or permanently. Security exceptions are closely tied to vulnerability…

Are you tired of compromising your privacy and security when sharing files online? What if there was a way to transfer data that was not only secure and efficient but also put you in complete control? Imagine a file sharing solution that combines cutting…

Let me scan it, what could possibly go wrong?

In a world increasingly reliant on secure digital communications, it’s surprising to learn that many countries, including those in critical sectors such as healthcare and industrial control systems (SCADA), still use outdated pager networks like POCSAG for…

After attending the OST2 – Exp4011 […]

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive and Indicators of Compromise. This blog details a hardcoded credentials vulnerability which allows an unauthenticated attacker to read and modify all help desk tickets.

Summary A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary commands. Credit An independent security researcher working with SSD Secure Disclosure Vendor Response The vendor has been…

The protocol that is used by the WatchGuard Single Sign-On (SSO) agent to communicate with the respective client services is neither encrypted, nor authenticated. The unprotected information that is communicated is used to decide which firewall rules should…

Original file ‎(SVG file, nominally 1,000 × 1,000 pixels, file size: 9 KB)

Summary A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary commands. Credit An independent security researcher working with SSD Secure Disclosure Vendor Response The vendor has been…

Uncover hidden subdomains: Boost your cybersecurity, validate digital assets, and supercharge your pen testing. Find every subdomain linked to any website.

In this blog, we’ll dive into how Heartbleed works, the vulnerable code and how to exploit it.

Introduction Hello Folks, Today I am providing an all-encompassing OSCP preparation guide containing the advice and resources I wish I had when I started this path towards the OSCP. If you have any questions relating to OSCP preparation or anything else,…

Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.

On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s

We detail several practical client-side attacks that can result from DNS poisoning observed for domains hosted in China. These attacks impact every domain on the Internet that uses a nameserver located in China, and it's estimated that more than 30 million…

Did you know that Slack provides some surprising information about a workspace to unauthenticated callers? Slack Watchman knows, and in this post I’m going to show you the information you can enume…