Step by step instructions on how to bypass SSL Pinning from iOS 14+. Works with Correlium or a physical device!
iOS 14 SSL Pinning Bypass (Works with Corellium)
CVE-2022-34108, CVE-2022-34109, CVE-2022-34110 DoS + Arbitrary file Download/Copy in MSI Feature Navigator
Denial Of Service and an Arbitrary file copy and download found in MSI's Feature Navigator demo software!
CVE-2022-34615, CVE-2022-34621, CVE-2022-34623, CVE-2022-34624 – IDOR, User Enum and More (In Mealie)
Multiple new CVEs discovered and disclosed! IDOR, User Enum, invalid session termination and a weak password policy!
CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies
A location sharing open source server and android client was found to hardcode credentials and allow weak passwords by default (including blank passwords!)
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
CVE-2022-34009
Denial of Service discovered against Fossil SCM when running on Windows boxes.
How to Find the next BIG Data Leak in under 20 minutes or less! – LeakLooker-X – Updated 2022
An update to my tutorial for installing and running LeakLooker-X working properly with current versions of Kali Linux and Celery.
Azure Cloud Pen Testing Software Suite
A great collection of scripts for attacking and defending Azure environments. Perfect for any azure cloud security assessment, audit or penetration test.