So stoked to reveal that my article submission was published in the latest Unredacted magazine publication! Ik they received hundreds of submissions so to be chosen is just awesome! Check it out on page 34 HERE END TRANSMISSION
Denial Of Service and an Arbitrary file copy and download found in MSI's Feature Navigator demo software!
Multiple new CVEs discovered and disclosed! IDOR, User Enum, invalid session termination and a weak password policy!
A location sharing open source server and android client was found to hardcode credentials and allow weak passwords by default (including blank passwords!)
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
Denial of Service discovered against Fossil SCM when running on Windows boxes.
An update to my tutorial for installing and running LeakLooker-X working properly with current versions of Kali Linux and Celery.
A great collection of scripts for attacking and defending Azure environments. Perfect for any azure cloud security assessment, audit or penetration test.