Blogs

FireRTC: Call Spoofing

FireRTC is a tool that can be used to spoof any phone number, and dial out to the designated phone number.

Hidden Eye: A Modern Phishing Tool

An easy-to-use phishing tool that lets you quickly build a phishing engagement in an attempt to capture credentials.

CEH Master, An Honest Review

This post is meant to be an honest review of the CEH Master, if you're unhappy with my review, I'm sorry.

Linux Privilege Escalation: Quick and Dirty

A quick and dirty Linux Privilege Escalation cheat sheet. I have utilized all of these privilege escalation techniques at least once.

The Ultimate OSCP Preparation Guide, 2021

An organized guide to highlight some of the smartest techniques and resources for your OSCP journey. Updated with new techniques and refined on: 2/2/2021

P1: Critical - Discovering and Foiling a Threat Actor

How Jackson and I managed to land a Critical Vulnerability Bounty - and through persistence, ensure that justice was served.

CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Admin Panel

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP Plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.

Account Takeover on the Jack Daniel's Tennessee Squire Association Platform

A Business Logic Flaw was discovered in the Jack Daniel's Tennessee Squire Association. It led to the full compromise of a user account, with many other accounts inadvertently exposed.

CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)

Versions of npm private-ip up to and including 1.0.5 are vulnerable to multiple Server Side Request Forgery (SSRF) bypasses. The regular expressions (RegEx) implemented within the package fail to account for variations of localhost and other private IP ranges. An attacker can obfuscate payloads, or utilize ranges outside of the block list, to successfully execute SSRF bypass techniques and circumvent the restrictions.

Twitter Verification 2021: Research Study

A hasty analysis of the new Twitter Verification criteria and resultant negative Application Security effects, inevitable silencing of worthy individuals, and stripping of "title"

UNEP Breached, 100K+ Employee Records Accessed

A writeup detailing the exposed employee records that Sakura Samurai managed to access during our security research through their vulnerability disclosure program.

Indian Government Breached, Massive Amount of Critical Vulnerabilities

A writeup detailing the vulnerability reporting process that took place after Sakura Samurai had breached the Indian Government.

CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux

Cleartext Storage in a File or on Disk in Keybase Desktop Clients for Windows, macOS, and Linux allows an attacker who can locally read a user's files to obtain private pictures from the Cache and uploadtemps directories. The Keybase Client fails to effectively clear cached pictures, even after deletion via the normal methodology within the client or by utilizing the "Explode message/Explode now" functionality.

Indian Government Breach, Disclosure

A full-scale writeup detailing the specifics of the vulnerabilities discovered and Sakura Samurai's exploitation methodology.

Ritual Motion Gaming Gloves [Skins]: An Honest Evaluation

Ritual Motion Gaming Gloves, protecting a hacker's hands.

CVE-2021-24495: Improper Neutralization of Input During Web Page Generation on ‘id’ parameter in Wordpress Marmoset Viewer Plugin versions 1.9.3 ≤ leads to Reflected Cross Site Scripting

A reflected cross site scripting vulnerability exists on the ‘id’ parameter of the Wordpress Marmoset Viewer plugin. A threat actor can utilize a specially crafted payload and append it to the id parameter included in the Marmoset Viewer. The cross site scripting vulnerability can lead to the potential theft of cookies or credentials, giving the threat actor the ability to take over a victim’s account or steal other sensitive information.

CVE-2021-40875: Improper Access Control in Gurock TestRail versions ≤ 7.2.0.3014 results in sensitive file exposure

A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and their corresponding file paths. Those file paths can be tested and, in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.

The Ultimate Guide to Crashing Your Friend's Wedding - The Knot, Business Logic Flaw

A friend shared a link to their Wedding RSVP website. After several minutes, a Business Logic Flaw was identified - resulting in the ability to accept/decline RSVP invites on behalf of another person, access notes, and view/modify any other custom fields included in the form.

Google Earth Hacking - EaaS (Espionage as a Service)

Google Earth Enterprise is deployed with default credentials. We discovered that educational, government, private enterprise and military organizations all rely on GEE for day-to-day operations.