Art of Anti Detection 3 – Shellcode Alchemy
This article will deal with basic shellcoding and similar concepts, assembly level encoder/decoder design and a few methods for bypassing anti exploit solutions such as Microsoft’s Enhanced Mitigation...
One ring to rule them all – Same RCE on multiple Trend Micro products
Framework security has been a known topic for security folks. In fact, we have already seen the real impact of a single vulnerability within a framework in the Apache Struts case. If we consider this risk from...
Advisory | Seagate Central Storage Remote Code Execution 0day
In this article, I will be sharing several critical vulnerabilities of the Seagate Central Storage NAS product. Advisory Information: Remotely Exploitable: Yes; Authentication Required: NO; Vendor URL:...
Vesta Control Panel Second Order Remote Code Execution 0day Step-by-Step...
I believe that doing security research is all about trying to understand the high-level architecture of products and finding creative attack vectors. I hope this blog post will show some of the...
Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update...
It has been a while since I published a post on our beloved blog. Today I would like to share technical details and a POC for a pretty funny vulnerability that I’ve found in GravCMS. As I’ve...
Pardus 21 Linux Distro – Remote Code Execution 0day 2021
A couple of days ago, I came across news that Pardus will organize a report-bug contest. I love to contribute to open-source projects. So that was a pretty good chance to revisit one of my old...
LiderAhenk 0day – All your PARDUS Clients Belongs To Me
LiderAhenk is an open source software system that enables centralized management, monitoring and control of systems and users on the corporate network. In this blog post, you will see how bad it can...
Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137
Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or...