Maybe Miroslav Stampar would enjoy this? A sqlmap tamper script for exploiting a multi-step 2nd order sqli in moodle muffsec.com/blog/moodle-2n…

The following non-malicious request can be used to test susceptibility to the Spring Framework 0day RCE. An HTTP 400 return code indicates vulnerability. $ curl host:port/path?class.module.classLoader.URLs%5B0%5D=0 #SpringShell #Spring4Shell #infosec

Exploiting a Use-After-Free for code execution in every version of Python 3 - pwn.win/2022/05/11/pyt… If you process sandboxed Python code from external, you can be realistically affected.

We have validated Rapid7’s analysis on CVE-2022-26134, an RCE in Atlassian Confluence. Randori recommends assuming compromise and investigating accordingly. Vendor guidance is available here: confluence.atlassian.com/doc/confluence…

✍️ 1/ Want to learn how to bug hunt in hard targets and find high impact issues? Here’s a short Sunday 🧵for those starting out and some general thoughts from over the years on software security:

We had juniors get up & running with AppSec in a few months just following PortSwigger material. I can't stress enough how much valuable what Portswigger is doing for the community, their labs are literally x100 way better in quality than most AppSec certifications out there. 1/

Our 2023 Reverse Engineering survey is live! binary.ninja/2023/01/26/sur… Help make the product better, or just participate to win some of the many prizes.

I've been using ChatGPT to help with vuln discovery. In this example, I had it examine the pseudocode related to the DNS SigRed vulnerability. It was able to identify the potential for the integer overflow that lead to the heap overflow with memcpy. I'm working on 0day help.

New blogpost by b33f | 🇺🇦✊ and I! Patch Tuesday -> Exploit Wednesday: Pwning Windows afd.sys in 24 Hours. We reverse engineer a bug + write an exploit using a cool new primitive. We also find out that it's been exploited in the wild (previously unknown). securityintelligence.com/posts/patch-tu…

scare - Simple Configurable Assembly REPL && Emulator I wrote this for people who want to write/test/play with various assembly architectures on the command line. Currently supports x86, x64, arm32, arm64 with plans for more architectures and modes. github.com/netspooky/scare

We've been able to trigger CVE-2023-21554 AKA #QueueJumper, a recently patched RCE in Microsoft’s Message Queueing Service reported by Check Point Research. We can confirm it appears exploitable. IOCs and more: randori.com/blog/vulnerabi…

In collaboration with Fabius and Aaron Portnoy we conducted a post mortem of the QueueJumper MSMQ RCE patch. We do an in depth RCA, identify variants, create exploit primitives, evaluate exploitability, and make some interesting new discoveries! securityintelligence.com/posts/msmq-que…

Tough question to summarize. Gray Hat Hacking is at the point where we'd normally start working on the next edition. Questions: - Know any universities who use it? - Are printed books still desired? - Would you want a 7th edition? The replies will help determine the outcome.

🔥You see, I've been trying hard to promote my training by dropping blogs, poc, teaching different countries/cons, following that idea this Sat I thought, what if, I dropped 3 exploits & 3 blogs on the same day? so after sleeping only 2 hours in the last 48h, they're ready😏🫳🎤

The OWASP Amass project paints a more complete picture of externally exposed attack surfaces these days! The first official release of our #opensource platform will be available soon. Stay tuned! #osint #recon #security #infosec #bugbounty OWASP® Foundation

Exciting news! I’m starting X-Force’s new offensive research team (XOR) and hiring a security researcher. Want to work with researchers (like b33f | 🇺🇦✊ and I) to find bugs, exploit popular targets, and share your work? Apply for this unique (remote) role 😊careers.ibm.com/job/21219320/s…

****For students and private individuals (not paid by a company) ONLY*** We are releasing a very limited amount of tickets for students and private individuals. These tickets will be discounted in price and are separate from the waiting list. Please email us with your story

#Iran Iranians are under attack by Israel and simultaneously oppressed by their own government. After a week of bombing and fires, the situation has become dire, and now, internet access has been cut off. This is inhumane. Please raise awareness and help amplify their voices.

I wrote a blogpost about Android on-device fuzzing -> Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) ibm.com/think/x-force/…