This post is meant to be an honest review of the CEH Master; if you're unhappy with my review, I'm sorry.
A quick and dirty Linux Privilege Escalation cheat sheet. I have utilized all of these privilege escalation techniques at least once.
An organized guide to highlight some of the smartest techniques and resources for your OSCP journey. DEPRECATED: 12/28/2022
How Jackson and I managed to land a Critical Vulnerability Bounty - and through persistence, ensure that justice was served.
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP Plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
A Business Logic Flaw was discovered in the Jack Daniel's Tennessee Squire Association. It led to the full compromise of a user account, with many other accounts inadvertently exposed.
Versions of npm private-ip including and prior to 1.0.5 are vulnerable to multiple Server Side Request Forgery (SSRF) bypasses. The Regular Expressions (RegEx) implemented within the package fail to account for variations of localhost and other private IP ranges. An attacker can obfuscate payloads, or utilize ranges outside of the block list, to successfully execute SSRF bypass techniques and circumvent the restrictions.
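The two bypass classes the advisory names, obfuscated spellings of a blocked address and ranges the list never covered, as an added example that is not private-ip's code and not from the original post. It puts a naive pattern-based blocklist, written here only to illustrate the failure mode, next to a check that first parses the host literal the way a resolver does (inet_aton short forms, octal and hex octets, bracketed IPv6, IPv4-mapped IPv6) and only then classifies it against address ranges. The range list and the probe strings are assumptions for the illustration.

```javascript
// Added example: regex-on-the-string blocklists vs. parse-then-classify.
// Not private-ip's code; the naive pattern list is illustrative only.
const NAIVE_BLOCK = [
  /^localhost$/i,
  /^127\.0\.0\.1$/,
  /^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,
  /^172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}$/,
  /^192\.168\.\d{1,3}\.\d{1,3}$/,
  /^::1$/,
];

function naiveIsPrivate(host) {
  return NAIVE_BLOCK.some((re) => re.test(host));
}

// inet_aton-style IPv4 parser: 1 to 4 dot-separated parts, each decimal,
// octal (leading 0) or hex (0x); the last part fills the remaining bytes.
// Returns the address as an unsigned 32-bit number, or null if not IPv4.
// Deliberately more permissive than glibc (e.g. "08" is read as 8): for a
// blocklist, over-accepting a literal is the safe direction.
function parseIPv4Loose(s) {
  const parts = s.split('.');
  if (parts.length < 1 || parts.length > 4) return null;
  const vals = [];
  for (const p of parts) {
    let m;
    if ((m = /^0x([0-9a-f]+)$/i.exec(p))) vals.push(parseInt(m[1], 16));
    else if ((m = /^0([0-7]+)$/.exec(p))) vals.push(parseInt(m[1], 8));
    else if (/^[0-9]+$/.test(p)) vals.push(parseInt(p, 10));
    else return null;
  }
  const last = vals.pop();
  const lastBits = 8 * (4 - vals.length);
  if (vals.some((v) => v > 255) || last >= 2 ** lastBits) return null;
  let n = 0;
  for (const v of vals) n = n * 256 + v;
  return n * 2 ** lastBits + last; // < 2^32, exact in a JS double
}

// Strict dotted-quad parser, used for the IPv4 tail of IPv4-mapped IPv6.
function parseIPv4Strict(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const b = m.slice(1).map(Number);
  return b.some((x) => x > 255) ? null : ((b[0] * 256 + b[1]) * 256 + b[2]) * 256 + b[3];
}

// Expand an IPv6 literal to eight 16-bit groups; a dotted IPv4 in the last
// position is allowed. Returns null when the text is not valid IPv6.
function parseIPv6(s) {
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const toGroups = (part) => {
    if (part === '') return [];
    const g = part.split(':');
    const tail = g[g.length - 1];
    if (tail.includes('.')) {
      const v4 = parseIPv4Strict(tail);
      if (v4 === null) return null;
      g.splice(-1, 1, (v4 >>> 16).toString(16), (v4 & 0xffff).toString(16));
    }
    const out = [];
    for (const h of g) {
      if (!/^[0-9a-f]{1,4}$/i.test(h)) return null;
      out.push(parseInt(h, 16));
    }
    return out;
  };
  const head = toGroups(halves[0]);
  const tail = halves.length === 2 ? toGroups(halves[1]) : [];
  if (head === null || tail === null) return null;
  const fill = 8 - head.length - tail.length;
  if (halves.length === 2 ? fill < 1 : fill !== 0) return null;
  return [...head, ...Array(fill).fill(0), ...tail];
}

// Ranges a server-side fetcher should refuse (assumed list for the example).
const BLOCKED_V4 = [
  ['0.0.0.0', 8],      // "this" network; 0.0.0.0 reaches local services
  ['10.0.0.0', 8],     // RFC 1918
  ['100.64.0.0', 10],  // CGNAT, common inside cloud tenants
  ['127.0.0.0', 8],    // loopback
  ['169.254.0.0', 16], // link-local, includes 169.254.169.254 metadata
  ['172.16.0.0', 12],  // RFC 1918
  ['192.168.0.0', 16], // RFC 1918
];

function v4InRange(n, [base, prefix]) {
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((n & mask) >>> 0) === ((parseIPv4Loose(base) & mask) >>> 0);
}

// True when `host` is a numeric literal inside a blocked range. Hostnames
// are not resolved here: a real check must resolve, test every A/AAAA
// answer, and connect to exactly that answer to defeat DNS rebinding.
function isBlockedLiteral(host) {
  let h = host.trim().toLowerCase();
  if (h.startsWith('[') && h.endsWith(']')) h = h.slice(1, -1);
  if (h === 'localhost') return true;
  const v4 = parseIPv4Loose(h);
  if (v4 !== null) return BLOCKED_V4.some((r) => v4InRange(v4, r));
  const g = parseIPv6(h);
  if (g === null) return false; // not a literal: resolve and re-check
  const isZero = (a, b) => g.slice(a, b).every((x) => x === 0);
  if (isZero(0, 7) && (g[7] === 0 || g[7] === 1)) return true; // :: and ::1
  if (isZero(0, 5) && g[5] === 0xffff) {                      // ::ffff:a.b.c.d
    return BLOCKED_V4.some((r) => v4InRange(g[6] * 65536 + g[7], r));
  }
  if ((g[0] & 0xfe00) === 0xfc00) return true; // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  return false;
}

// Constructed probes: loopback/private targets the pattern list lets through.
const PROBES = ['127.1', '2130706433', '0x7f.0.0.1', '0177.0.0.1', '0.0.0.0',
  '[::ffff:127.0.0.1]', '0:0:0:0:0:0:0:1', '169.254.169.254', '100.64.0.1', 'fd00::1'];

// Probes that pass the naive list but are caught once the literal is parsed.
function bypasses() {
  return PROBES.filter((p) => !naiveIsPrivate(p) && isBlockedLiteral(p));
}
```

Every probe in the list is a bypass of the pattern check and none survives the parsed check; the point is that blocking must happen on the parsed address (and, for hostnames, on every resolved answer), never on the string the client typed.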
A writeup detailing the exposed employee records that Sakura Samurai managed to access during our security research through their vulnerability disclosure program.
A writeup detailing the vulnerability reporting process that took place after Sakura Samurai had breached the Indian Government.
Cleartext Storage in a File or on Disk in Keybase Desktop Clients for Windows, macOS, and Linux allows an attacker who can locally read the user’s files to obtain private pictures in the Cache and uploadtemps directories. The Keybase Client fails to effectively clear cached pictures, even after deletion via the normal methodology within the client, or by utilizing the “Explode message/Explode now” functionality.
A full-scale writeup detailing the specifics of the vulnerabilities discovered and Sakura Samurai's exploitation methodology.
A reflected cross site scripting vulnerability exists on the ‘id’ parameter of the Wordpress Marmoset Viewer plugin. A threat actor can utilize a specially crafted payload and append it to the id parameter included in the Marmoset Viewer. The cross site scripting vulnerability can lead to the potential theft of cookies or credentials, giving the threat actor the ability to take over a victim’s account or steal other sensitive information.
A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
A friend shared a link to their Wedding RSVP website. After several minutes, a Business Logic Flaw was identified - resulting in the ability to accept/decline RSVP invites on behalf of another person, access notes, and view/modify any other custom fields included in the form.
Google Earth Enterprise is deployed with default credentials. We discovered that educational, government, private enterprise and military organizations all rely on GEE for day-to-day operations.
A CSRF issue on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain file system access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
Times are changing, and the Japanese Government’s Cybersecurity posture lags behind the best of NATO and other prominent countries.
The ultimate guide to passing the Certified Red Team Operator exam by Zero Point Security.
A business logic flaw in various Zix configurations allows a threat actor to perform native Spear Phishing from the context of the organization's own trust.
A business logic flaw in various Zix configurations allows a threat actor to perform native data exfiltration from the context of the organization's own trust.
Revamped OSCP guide, tailored to be relevant for the latest revision of the OSCP which includes Active Directory exploitation.
A flaw in how files are stored in Signal Desktop ≤ 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop ≤ 6.2.0 exists, allowing an attacker to modify conversation attachments within the same directory. Client mechanisms fail to validate modifications of existing cached files, resulting in the ability to plant malicious code or overwrite pre-existing files and masquerade as pre-existing files. Local access is needed.