SinSinology
@sinsinology
Pwn2Own 20{22,23,24}, i look for 0-Days but i find N-Days & i chase oranges 🍊
ID: 1003519631389331457
https://summoning.team/ 04-06-2018 06:11:39
1,1K Tweet
11,11K Takipçi
553 Takip Edilen
In the 1st of a 4 part series, Piotr Bazydło details his research into exploiting #Microsoft #Exchange after ProxyNotShell was patched. Today's post covers CVE-2023-21529: abuse of the allowed MultiValuedProperty class for RCE. Check it out at zerodayinitiative.com/blog/2024/9/4/…
Happy Monday! watchTowr Labs member SinSinology deep dives into Veeam Backup & Response CVE-2024-40711 in our latest post 🚀 labs.watchtowr.com/veeam-backup-r… We hope you enjoy it! (as always, where there's smoke - there is fire 😉 for next time..)
Xeno Kovah Rafal Wojtczuk. His pharck paper « Advanced returned-into-lib(c) exploits » is pure creativity. You can find there the first ROP chains. Also, the BadIRET exploit bromiumlabs.wordpress.com/2015/02/02/exp… is one of my favorite
No time to read the blog? Just prefer to listen to highlights at 1.5 speed? Check out the Patch Report, where The Dustin Childs hits the high points for the September Patch Tuesday release. youtu.be/lo5XAAHtNZg
🔥YOU DO NOT WANT TO MISS THIS🔥 amazing work by teammates Aliz (they/them pls) and Benjamin Harris
In part 2 of his #Exchange series, Piotr Bazydło describes the ApprovedApplicationCollection gadget. He also covers a path traversal in the Windows utility extrac32.exe, which allowed him to complete the chain for a full RCE in Exchange and remains unpatched. zerodayinitiative.com/blog/2024/9/11…