rioru (Dany Bach) (@ddxhunter)'s Twitter Profile

Penetration tester & security researcher

ID: 28323272

02-04-2009 11:55:18

634 Tweets

1,1K Followers

470 Following

Ambionics Security (@ambionics)

Read the details about #CVE-2021-21703 on our Ambionics' blog, a 10 year-old Local Root vulnerability affecting PHP-FPM, #PHP FastCGI's server. PHP-FPM is often used with major HTTPd servers such as #NGINX and #Apache. ambionics.io/blog/php-fpm-l…

Laluka@OffenSkill (@thelaluka)

Hello world! I'm finally releasing JET, a Jolokia Exploitation Toolkit! :) It contains many exploits for /jolokia endpoints, feel free to use for audits, bug-bounty, or anything (legal 🍀) else! thinkloveshare.com/hacking/shells… github.com/laluka/jolokia…

James Forshaw (@tiraniddo)

I didn't think this was true as I've looked at it before and setting the short name requires SeRestorePrivilege. However checking this now it's a clear and dangerous regression. As shown Win 8.1 fails as a normal user, latest Win10/11 works. Slow hand clap Microsoft.

Yuhang Wu (@wupco1996)

Based on loknop's idea (gist.github.com/loknop/b27422d…), I've got all [a-zA-Z0-9] characters through fuzzing. Here is my result: github.com/wupco/PHP_INCL…

Axel Souchet (@0vercl0k)

9 years ago I released my first project on GitHub: 'rp++' yet another ROP gadget finder 😊 I've finally carved out time to clean up the codebase and push the v2, check it out 🔥! github.com/0vercl0k/rp

Lexfo (@lexfosecurite)

New blogpost available! This article is a step-by-step guide to #reverse an APK protected with #DexGuard using Jadx: blog.lexfo.fr/dexguard.html

Charles Fol (@cfreal_)

Thank you TyphoonCon🌪️, and everybody for attending! I will release the demo code, the RCE on #Adminer using #CVE-2022-31626, in the next few days! The other one is more complex, so you'll have to wait for the blog post on Ambionics Security

PT SWARM (@ptswarm)

💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP's Arbitrary Object Instantiation with no user-defined classes. It was turned to RCE! Read the research: swarm.ptsecurity.com/exploiting-arb…

Lexfo (@lexfosecurite)

Learn how we discovered 5 distinct vulnerabilities on WatchGuard #Firebox/#XTM firewalls, and obtained a pre-auth Remote Code Execution as root #0day (CVE-2022-31789, CVE-2022-31790). ambionics.io/blog/hacking-w…

CVE (@cvenew)

CVE-2022-47949 The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. Th... cve.mitre.org/cgi-bin/cvenam…

Lexfo (@lexfosecurite)

Introducing sshimpanzee, a reverse shell made by Titouan Lazard based on openssh's sshd. It supports DNS, ICMP and HTTP encapsulation as well as SOCKS and HTTP Proxies: blog.lexfo.fr/sshimpanzee.ht…

Charles Fol (@cfreal_)

#Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability rioru (Dany Bach) and I reported. This is reachable pre-authentication, on every SSL VPN appliance. Patch your #Fortigate. Details at a later time. #xortigate

Lexfo (@lexfosecurite)

#Fortinet patched #CVE-2023-27997, a critical vulnerability affecting its VPN #Fortigate. Our latest blogpost describes the technical details about the bug, a pre-auth heap overflow, with a twist. #xortigate blog.lexfo.fr/xortigate-cve-…

rioru (Dany Bach) (@ddxhunter)

This was a fun one! The vulnerability has been found and exploited during the timeframe of one of our Red Team engagements and allowed us to compromise our target entirely. Happy patch week! #xortigate

Charles Fol (@cfreal_)

The ownCloud CRITICAL vulnerabilities I reported (CVE-2023-49103, CVE-2023-49105) are now patched. Patch your #owncloud. Details when possible. #pwncloud

Ambionics Security (@ambionics)

Introducing a new tool for #PHP filters attacks, #wrapwrap: an algorithm to add an arbitrary prefix and suffix to a PHP resource, improving the exploitation of file read and #SSRF vulnerabilities. ambionics.io/blog/wrapwrap-…

Ambionics Security (@ambionics)

Iconv, set the charset to RCE: in the first blog post of this series, Charles Fol will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) ambionics.io/blog/iconv-cve…