MaterialX and OpenEXR Security Audit
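Shielder, OSTIF and ASWF performed a security audit of the MaterialX and OpenEXR projects and found 11 vulnerabilities (including 3 undisclosed MaterialX issues), most of which have been fixed. The report has been published, and developers are advised to update to the latest version to improve security. ...
2025-7-31 14:46:18 | Views: 13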
Over Security - Cybersecurity news aggregator - www.shielder.com
openexr
materialx
security
shielder
memory
Karmada Security Audit
TL;DR: Shielder, together with OSTIF and CNCF, performed a Security Audit on the Karmada project. The a...
2025-1-16 15:45:48 | Views: 4
Over Security - Cybersecurity news aggregator - www.shielder.com
karmada
security
clusters
plane
kubernetes
A Journey From `sudo iptables` To Local Privilege Escalation
TL;DR: A low-privileged user on a Linux machine can obtain the root privileges if: They can execute ipt...
2024-9-20 21:30:0 | Views: 3
Blog on Shielder - www.shielder.com
modprobe
passwd
nopasswd
loaded
machine
Boost Security Audit
TL;DR: Shielder, with OSTIF and Amazon Web Services, performed a Security Audit on a subset of the Boo...
2024-5-22 23:1:23 | Views: 2
Over Security - Cybersecurity news aggregator - www.shielder.com
boost
security
library
recursion
shielder
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
TL;DR: During a security audit of Element Android, the official Matrix client for Android, we have ide...
2024-4-18 17:1:23 | Views: 43
Over Security - Cybersecurity news aggregator - www.shielder.com
security
malicious
client
putextra
Bref Security Audit
TL;DR: Shielder, with OSTIF and Amazon Web Services, performed a Security Audit of Bref. The audit res...
2024-3-29 20:16:15 | Views: 6
Over Security - Cybersecurity news aggregator - www.shielder.com
bref
security
github
ostif
brefphp
Hunting for ~~Un~~authenticated n-days in Asus Routers
TL;DR: After reading online the details of a few published critical CVEs affecting ASUS routers, we de...
2024-1-30 20:2:29 | Views: 19
Over Security - Cybersecurity news aggregator - www.shielder.com
cves
qiling
firmware
systemcmd
asus
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
TL;DR: Orthanc is an open source software to manage, exchange and visualize medical imaging data. In v...
2023-10-24 18:31:25 | Views: 43
Over Security - Cybersecurity news aggregator - www.shielder.com
orthanc
dicom
payload
software
security
AWS CodeBuild + S3 == Privilege Escalation
Introduction: In the last decade one of the most common patterns observed in web applications is their...
2023-7-10 18:0:30 | Views: 2
Blog on Shielder - www.shielder.com
codebuild
privileges
cloud
security
ssrf
How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale
TL;DR: During a recent Red Teaming assessment we have found an internet-exposed instance of ManageEngi...
2022-9-5 18:0:30 | Views: 1
Blog on Shielder - www.shielder.com
ptrx
pmp
database
passwords
security
Printing Fake Fiscal Receipts - An Italian Job p.2
TL;DR: The ItalRetail RistorAndro app installed on the SpiceT fiscal printer is affected by a pre-auth...
2022-5-16 18:0:30 | Views: 2
Blog on Shielder - www.shielder.com
fsl
apk
3110
cowhard
517
Printing Fake Fiscal Receipts - An Italian Job p.1
TL;DR: Italretail SpiceT fiscal printer allows any installed Android app to talk to the fiscal unit to...
2022-4-19 18:0:30 | Views: 1
Blog on Shielder - www.shielder.com
fiscal
printer
spicet
security
memory
A Sneak Peek into Smart Contracts Reversing and Emulation
In the last years the web3 topic became increasingly relevant and, as for every buzzword, a lot of c...
2022-4-5 18:0:30 | Views: 1
Blog on Shielder - www.shielder.com
evm
bytecode
greeter
blockchain
qiling
Reversing embedded device bootloader (U-Boot) - p.2
This blog post is not intended to be a “101” ARM firmware reverse-engineering tutorial or a guide to...
2022-3-21 19:0:30 | Views: 1
Blog on Shielder - www.shielder.com
unicorn
mu
memory
emulation
decrypted
Reversing embedded device bootloader (U-Boot) - p.1
This blog post is not intended to be a “101” ARM firmware reverse-engineering tutorial or a guide to...
2022-3-8 22:20:30 | Views: 1
Blog on Shielder - www.shielder.com
memory
interrupt
bootloader
ghidra
interrupts
QilingLab – Release
Two years ago Ross Marks created the FridaLab challenge as a playground to test and learn how to use...
2021-7-21 23:0:30 | Views: 1
Blog on Shielder - www.shielder.com
qilinglab
qiling
fridalab
solved
aarch64
Hunting for bugs in Telegram's animated stickers remote attack surface
Introduction: At the end of October ‘19 I was skimming the Telegram’s android app code, learning about...
2021-2-16 16:0:0 | Views: 1
Blog on Shielder - www.shielder.com
rlottie
lottie
sticker
stickers
animated
Re-discovering a JWT Authentication Bypass in ServiceStack
TL;DR: ServiceStack before version 5.9.2 failed to properly verify JWT signatures, allowing to forge a...
2020-11-2 16:37:42 | Views: 1
Blog on Shielder - www.shielder.com
developers
3rd
chose
Sometimes they come back: exfiltration through MySQL and CVE-2020-11579
Let’s jump straight to the strange behavior: up until PHP 7.2.16 it was possible by default to exfil...
2020-7-28 22:18:14 | Views: 1
Blog on Shielder - www.shielder.com
php
database
phpkb
11579
malicious
1-click RCE on Keybase
TL;DR: Keybase clients allowed to send links in chats with arbitrary schemes and arbitrary display tex...
2020-4-28 02:0:42 | Views: 3
Blog on Shielder - www.shielder.com
keybase
typ
client
punycode
shielder