unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
A Journey From `sudo iptables` To Local Privilege Escalation
TL;DRA low-privileged user on a Linux machine can obtain the root privileges if:They can execute ipt...
2024-9-20 21:30:0 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
modprobe
passwd
nopasswd
loaded
machine
Boost Security Audit
TL;DRShielder, with OSTIF and Amazon Web Services, performed a Security Audit on a subset of the Boo...
2024-5-22 23:1:23 | 阅读: 1 |
收藏
|
Over Security - Cybersecurity news aggregator - www.shielder.com
boost
security
library
recursion
shielder
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
TL;DRDuring a security audit of Element Android, the official Matrix client for Android, we have ide...
2024-4-18 17:1:23 | 阅读: 16 |
收藏
|
Over Security - Cybersecurity news aggregator - www.shielder.com
security
malicious
client
putextra
Bref Security Audit
TL;DRShielder, with OSTIF and Amazon Web Services, performed a Security Audit of Bref.The audit res...
2024-3-29 20:16:15 | 阅读: 5 |
收藏
|
Over Security - Cybersecurity news aggregator - www.shielder.com
bref
security
github
ostif
brefphp
Hunting for ~~Un~~authenticated n-days in Asus Routers
TL;DRAfter reading online the details of a few published critical CVEs affecting ASUS routers, we de...
2024-1-30 20:2:29 | 阅读: 18 |
收藏
|
Over Security - Cybersecurity news aggregator - www.shielder.com
cves
qiling
firmware
systemcmd
asus
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
TL;DROrthanc is an open source software to manage, exchange and visualize medical imaging data. In v...
2023-10-24 18:31:25 | 阅读: 38 |
收藏
|
Over Security - Cybersecurity news aggregator - www.shielder.com
orthanc
dicom
payload
software
security
AWS CodeBuild + S3 == Privilege Escalation
IntroductionIn the last decade one of the most common patterns observed in web applications is their...
2023-7-10 18:0:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
codebuild
privileges
cloud
security
ssrf
How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale
TL;DRDuring a recent Red Teaming assessment we have found an internet-exposed instance of ManageEngi...
2022-9-5 18:0:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
ptrx
pmp
database
passwords
security
Printing Fake Fiscal Receipts - An Italian Job p.2
TL;DRThe ItalRetail RistorAndro app installed on the SpiceT fiscal printer is affected by a pre-auth...
2022-5-16 18:0:30 | 阅读: 1 |
收藏
|
Blog on Shielder - www.shielder.com
fsl
apk
3110
cowhard
517
Printing Fake Fiscal Receipts - An Italian Job p.1
TL;DRItalretail SpiceT fiscal printer allows any installed Android app to talk to the fiscal unit to...
2022-4-19 18:0:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
fiscal
printer
spicet
security
memory
A Sneak Peek into Smart Contracts Reversing and Emulation
In the last years the web3 topic became increasingly relevant and, as for every buzzword, a lot of c...
2022-4-5 18:0:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
evm
bytecode
greeter
blockchain
qiling
Reversing embedded device bootloader (U-Boot) - p.2
This blog post is not intended to be a “101” ARM firmware reverse-engineering tutorial or a guide to...
2022-3-21 19:0:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
unicorn
mu
memory
emulation
decrypted
Reversing embedded device bootloader (U-Boot) - p.1
This blog post is not intended to be a “101” ARM firmware reverse-engineering tutorial or a guide to...
2022-3-8 22:20:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
memory
interrupt
bootloader
ghidra
interrupts
QilingLab – Release
Two years ago Ross Marks created the FridaLab challenge as a playground to test and learn how to use...
2021-7-21 23:0:30 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
qilinglab
qiling
fridalab
solved
aarch64
Hunting for bugs in Telegram's animated stickers remote attack surface
IntroductionAt the end of October ‘19 I was skimming the Telegram’s android app code, learning about...
2021-2-16 16:0:0 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
rlottie
lottie
sticker
stickers
animated
Re-discovering a JWT Authentication Bypass in ServiceStack
TL;DRServiceStack before version 5.9.2 failed to properly verify JWT signatures, allowing to forge a...
2020-11-2 16:37:42 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
developers
3rd
chose
Sometimes they come back: exfiltration through MySQL and CVE-2020-11579
Let’s jump straight to the strange behavior: up until PHP 7.2.16 it was possible by default to exfil...
2020-7-28 22:18:14 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
php
database
phpkb
11579
malicious
1-click RCE on Keybase
TL;DRKeybase clients allowed to send links in chats with arbitrary schemes and arbitrary display tex...
2020-4-28 02:0:42 | 阅读: 2 |
收藏
|
Blog on Shielder - www.shielder.com
keybase
typ
client
punycode
shielder
NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air
During one of our latest IoT Penetration Tests we tested a device based on the ESP32 SoC by EspressI...
2020-4-21 00:0:0 | 阅读: 3 |
收藏
|
Blog on Shielder - www.shielder.com
smartconfig
encryption
security
activation
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
TL;DRLSP4XML, the library used to parse XML files in VSCode-XML, Eclipse’s wildwebdeveloper, theia-x...
2019-10-25 01:22:53 | 阅读: 0 |
收藏
|
Blog on Shielder - www.shielder.com
windows
lsp4xml
vscode
redhat
python3
Previous
-3
-2
-1
0
1
2
3
4
Next