New blog post with @shubs.io:
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
Full post here: samcurry.net/hacking-subaru
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...
We broke something:
in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application
We wrote it down for you to try at home:
modzero.com/en/blog/spri...
Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here:
portswigger.net/research/top...
damn! that sucks :(
I put together a VERY limited (for now) list of web hackers in a Starter pack:
go.bsky.app/9uay4Ad
A lot of people are missing (I will try to add more as I find them) but make sure you follow people already in the list!
Rapid7 analysis of Apache #Struts 2 CVE-2024-53677 here via research lead Ryan Emmons — highlights:
* No, this isn't really being successfully exploited in the wild
* Payloads need to be customized to the target
* The 'fixed' version *does not* remediate the vuln
attackerkb.com/assessments/...
Last month, our Security Research team discovered and disclosed a critical pre-authentication RCE in CraftCMS (CVE-2024-56145). You can read our blog post on the issue here: assetnote.io/resources/re...
#attacksurfacemanagement
We recently focused on CVE-2024-8534, a vulnerability that can cause DoS or memory corruption, pre-auth on Citrix NetScaler. You can read our research and analysis here: www.assetnote.io/resources/re...
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]
nastystereo.com/security/rai...
Here is a great follow up blog post to my blog Remote Code Execution with Spring properties written by Elliot Ward: snyk.io/articles/rem...
This is really great research by @ryotak.net -
I appreciated that he covered some of his experiments along the way, and how he landed on a finely tuned way of finding a 12-char hash collision with a command injection payload at the end.
flatt.tech/research/pos...
Hey, depending on the scale of your organisation, you may be able to manage with some open source tooling, but maintaining this system, speed, reliability and scale, as well as gaining unique security research based on your attack surface will be difficult. Feel free to DM if you want to chat more.
My latest blog post is live! nastystereo.com/security/cro...
Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
This is amazing. I’ve been in this scenario several times where the good old days of dropping a JSP file is not possible.
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!
go.bsky.app/GD7hKPX
I've just updated Shortscan to support reading a list of URLs to scan from a file (and included a minor bugfix). Feedback welcome! The latest version is v0.9.2 and can be found on Github: github.com/bitquark/sho...
queued up tonight but just missed out, if anyone is selling tickets, looking for two tickets to ccc #38c3
Hey, would love to be added :)
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...
