I got targeted by Zhang Guo and sent me the blog post link hxxps://blog.br0vvnn[.]io/pages/blogpost.aspx?id=1&q=1

I were able in collaboration with blasty to create a working Proof of Concept exploit for the new sudo CVE-2021-3156. Tested just in Ubuntu 20.04.1 LTS, in other distros offsets may change. PoC available: github.com/lockedbyte/CVE…

Last night lock showed you how we managed to exploit sudo with a partial overwrite of a funcptr and some small bruteforce. Today.. we do it single-shot with some help of glibc/nss. haxx.in/CVE-2021-3156_…

Our young owlet @Lockedbyte reported an uncontrolled recursion in the XML parser of OSSEC/Wazuh (CVE-2021-28040) that has been fixed recently. Not all bugs are cool RCEs, but hey, bugs that lead to DoS should be fixed too.

I developed a Remote Code Execution PoC exploit for the Exim Use-After-Free that was recently disclosed (as part of Qualys 21Nails advisory). Tested just on Exim 4.92. PoC available: github.com/lockedbyte/CVE…

So lock just brought to our nest a PoC. Read his last entry in our blog: "From theory to practice: analysis and PoC development for CVE-2020-28018 (User-After-Free in Exim)" adepts.of0x.cc/exim-cve-2020-…

Exim RCE (lock), Windows kernel exploit writeup (Connor McGarr), plaintext RDP creds from memory (Jonas L, n00py), MS Defender ATP bypasses (Matt Eidelberg), hashcat 6.2.0 (hashcat), persist and blend C2 with Teams (BlackArrow), and more! blog.badsectorlabs.com/last-week-in-s…

Dear Fellowlship, How is your summer going? Our N-Day owl lock was bored in his holidays and decided to build an exploit for CVE-2020-9273. Check our post: Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273) adepts.of0x.cc/proftpd-cve-20…

A very detailed exploit demonstration of Antonio Morales 's CVE-2020-9273 (ProFTPd UAF)

ProFTPd UAF (lock), API hacking (Luke Stephens (hakluke) and Farah Hawa), file extension tricks on cloud storage (mr.d0x), built-in AD searching with ADSI (Grimmie), DCE/RPC fingerprints (HD Moore), SAML issues (Secureworks, Joonas Loppi), and more! blog.badsectorlabs.com/last-week-in-s…

CVE-2021-40444 simple demonstration PoC Exploit: github.com/lockedbyte/CVE…