"Exploiting File Writes in Hardened Environments - From HTTP Request to ROP Chain in Node.js" 📝 by Stefan Schiller (scryh)

🛠️ Summer break is over and we are back on #RomHack2024 stuff 🛠️ - 63 registered training students, a few spots available - conf sold-out but business tickets available Get your ticket for the biggest RomHack edition ever 🎟️ romhack.io/tickets/ 🎟️

We have published the third and final writeup of our #Pwn2Own EV charger exploits: the Autel MaxiCharger! Unlike the other two, this one had authentication on the Bluetooth functionality! …but that had a “backdoor”. 😅 sector7.computest.nl/post/2024-08-p…

In the 1st of a 4 part series, Piotr Bazydło details his research into exploiting #Microsoft #Exchange after ProxyNotShell was patched. Today's post covers CVE-2023-21529: abuse of the allowed MultiValuedProperty class for RCE. Check it out at zerodayinitiative.com/blog/2024/9/4/…

🚨Alert🚨CVE-2024-6670: Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in Progress WhatsUp Gold 🔥PoC: github.com/sinsinology/CV… 🧐Deep Dive:summoning.team/blog/progress-… 📊 3.4K+ Services are found on hunter.how yearly 🔗Hunter Link:hunter.how/list?searchVal…

Un exploit que hice para Impact hace como un mes, fuimos los primeros en sacarlo, aqui la investigacion y el POC. coresecurity.com/core-labs/arti… github.com/fortra/CVE-202…

I just launched a new blog: kevin2600-cmd.github.io. See you all in the matrix!

First part which covers the bug and finishes off with code allowing us for a controlled overflow in the Paged Pool is up: 3sjay.github.io/2024/09/08/Win…

Checkout esjay work, as usual, he published another awesome blog post 🔥🔥🔥🔥

3 more weeks before my Windows Kernel Exploitation training at Hexacon Don't miss out! More info on contents -> hexacon.fr/trainer/halbro…

Happy Monday! watchTowr Labs member SinSinology deep dives into Veeam Backup & Response CVE-2024-40711 in our latest post 🚀 labs.watchtowr.com/veeam-backup-r… We hope you enjoy it! (as always, where there's smoke - there is fire 😉 for next time..)

After many hours, It's out 🔥

update: ok the first part is out. if it goes well i might continue youtube.com/watch?v=Ar4dZN…

Xeno Kovah Rafal Wojtczuk. His pharck paper « Advanced returned-into-lib(c) exploits » is pure creativity. You can find there the first ROP chains. Also, the BadIRET exploit bromiumlabs.wordpress.com/2015/02/02/exp… is one of my favorite

My SharePoint RCE got fixed: CVE-2024-38018. Site Member privs should be enough to exploit. I also found a DoS vuln that got patched today: CVE-2024-43466 msrc.microsoft.com/update-guide/v…

No time to read the blog? Just prefer to listen to highlights at 1.5 speed? Check out the Patch Report, where The Dustin Childs hits the high points for the September Patch Tuesday release. youtu.be/lo5XAAHtNZg

We're hiring! Check out our open roles at job-boards.eu.greenhouse.io/watchtowr

🔥YOU DO NOT WANT TO MISS THIS🔥 amazing work by teammates Aliz (they/them pls) and Benjamin Harris

In part 2 of his #Exchange series, Piotr Bazydło describes the ApprovedApplicationCollection gadget. He also covers a path traversal in the Windows utility extrac32.exe, which allowed him to complete the chain for a full RCE in Exchange and remains unpatched. zerodayinitiative.com/blog/2024/9/11…