Team82 researched the security of the OvrC cloud platform, which is used by businesses and consumers to remotely manage IoT devices. We uncovered 10 different vulnerabilities that, when chained, allow attackers to execute code on OvrC cloud-connected devices…

For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been…

In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.

It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management…

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perfor...

Discover how to reproduce CVE-2024-10979, a vulnerability in PostgreSQL's trusted PL/Perl, through this detailed step-by-step guide. Learn about the security implications and the importance of applying patches to safeguard your database systems.

Authenticated Gaia users, at least read-only privilege, can inject code or commands by global variables through HTTP requests.

Learn how to identify, understand, attack, and remediate SMB shares configured with excessive privilege in active directory environments with the help of new charts, graphs, and LLM capabilities.

The Gogs self-hosted Git service is vulnerable to symbolic link path traversal that enables remote code execution (CVE-2024-44625). The latest version at the time of writing (0.13.0) is affected. This vulnerability is exploitable against a default install…

Learn about Redis CVE-2024-31449, a critical Lua vulnerability allowing remote code execution. Discover steps to protect your system, reproduce the PoC, and update Redis to mitigate risks.

Wireless and firmware hacking, PhD life, Technology

If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that…

Software supply chains are complex ecosystems where even a single vulnerability can lead to widely spread security issues. This blog focuses on supply chain account takeovers, particularly in NPM packages, and explains how attackers exploit expired email…

OpenBMC Remote OS Deployment: A Simplified Approach Many BMC implementations can accept a disk image and present it as a read-only USB mass storage device inserted into the host machine, allowing the host machine to boot from this “disk” for remote installation…

Setting up the environment + Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]

It'll be no surprise that 2024, 2023, 2022, and every other year of humanities' existence has been tough for SSLVPN appliances.

Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN…

CVE-2024-20767- ColdFusion Path Traversal can lead to reading important data. CVE-2024-20767 is a vulnerability in ColdFusion versions 2023.6, 2021.12, and earlier. These versions are affected by...

Estimated Reading Time: 5 minutesOn a recent Red Team engagement, I was poking around having a look at different files and trying to see if I could extract any information that would allow me to move laterally through the network. I was hopeful, as always…