🤡

One of our pentesters recently got a new D-Link DAP-X1860 repeater, which they couldn't setup. This was caused by a neighbor's Wi-Fi containing a single tick in their Wi-Fi name ("Olaf's WiFi"), resulting in the following error while scanning for access points:

🚀 We just published our new blog post: Better dSAFER than Sorry - An Attacker's Overview of Ghostscript 👻👻 Learn about exploiting Ghostscript from the fundamentals to the most recent vulnerabilities CVE-2023-36664 and CVE-2023-43115 🔥 blog.redteam-pentesting.de/2023/ghostscri… #infosec

Did you know you can still exploit CVE-2023-43115 for RCE on a fully patched Fedora 38 with a LibreOffice document?🤯

I'm very excited to finally share the first part of the research I did into Ghostscript. This post details the exploitation of CVE-2024-29510, a classic format string bug, which we abuse to bypass the SAFER sandbox and gain RCE. codeanlabs.com/blog/research/…

Here is part 2 of our Ghostscript research series. This is about CVE-2024-29511, a fun combination of logical bugs and features, in the end allowing to read and write files outside the SAFER sandbox. codeanlabs.com/blog/research/…

Question time ⁉️ Is this cursed piece of code 👇 actually the only way to decode Base64 in the browser? 😱

🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encoding-… #appsec #security #vulnerability

tables.blurbdust.pw/netntlmv1-rain… It might be a bit rocky for the next couple days as I work out a couple issues with magnet links and the self-hosted tracker but its up and working

Just published the write-up of two bugs I found in LibreOffice, allowing remote exfiltration of file/env data and a semi-arbitrary file write. Also relevant for document conversion/preview usecases :) codeanlabs.com/blog/general/e…

🔥Only 10 days left until the Haix-la-Chapelle 2025 CTF is starting on November 29! We're sponsoring the prize money for the best writeups and are excited to see your creative solutions. haix-la-chapelle.eu

🎄Care for some Glühwein and flags? The Haix-la-Chapelle CTF 2025 starts tomorrow! 🍷 mastodon.social/@Pwn_la_Chapel…

We just released my writeup for my first CTF challenge I ever created, "Ghostbusters" for Haix-La-Chapelle 2025 CTF. it involves some cool techniques for exploiting Ghostscript and PDF/PostScript file type confusion. pwn-la-chapelle.eu/posts/hlc2025_…

🚀Our tool keycred for KeyCredentialLinks and Shadow Credential attacks now works with updated domain controllers again! It turns out, Microsoft violated their own specs. Try it out: github.com/RedTeamPentest…

SafeBreach Labs discovered a critical RCE vulnerability in the MS-EVEN RPC protocol that allowed low-privileged domain users to write arbitrary files and run code on remote Windows 11 and Windows Server 2025 computers in the domain. Get the full breakdown: hubs.ly/Q043PMZ-0