Clik here to view.
Art of Anti Detection 3 – Shellcode Alchemy
This article will deal with basic shellcoding and similar concepts, assembly level encoder/decoder design and few methods for bypassing anti exploit solutions such as Microsoft’s Enhanced Mitigation...
View ArticleOne ring to rule them all – Same RCE on multiple Trend Micro products
Framework’s security has been a known topic for security folks. In fact, we already seen a real impact of single vulnerability within a framework on Apache Struts case. If we consider this risk from...
View ArticleClik here to view.
Advisory | Seagate Central Storage Remote Code Execution 0day
In this article, I will be sharing several critical vulnerabilities of Seagate Central Storage NAS product. Advisory Informations Remotely Exploitable: YesAuthentication Required: NOVendor URL:...
View ArticleClik here to view.
Vesta Control Panel Second Order Remote Code Execution 0day Step-by-Step...
I believe that doing a security research is all about trying to understand high-level of architecture of the products and finding a creative attack vectors. I hope this blog post will show some the...
View ArticleClik here to view.
Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update...
It has been a while since I haven’t published a post on our beloved blog. Today I would like to share technical details and POC for a pretty funny vulnerability that I’ve found at GravCMS. As I’ve...
View ArticleClik here to view.
Pardus 21 Linux Distro – Remote Code Execution 0day 2021
A couple of days ago, I came up with news that Pardus will organize a report-bug contest. I love to contribute to open-source projects. So that was a pretty good chance to revisit one of my old...
View ArticleClik here to view.
LiderAhenk 0day – All your PARDUS Clients Belongs To Me
LiderAhenk is an open source software system that enables centralized management, monitoring and control of systems and users on the corporate network. In this blog post, you will see how bad it can...
View ArticleClik here to view.
Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137
Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or...
View Article
