How an Akamai misconfiguration earned us USD 46.000
A few months ago me and my friend Jacopo Tediosi made an interesting discovery about an Akamai misconfiguration that allowed us to earn more than...
Workshop: Linux Kernel Exploitation 101 – Part 2
https://youtu.be/2FMTdFbjIsk Slide: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpixMateriale utilizzato nel video (per poter replicare i lab): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3Il materiale è stato testato con Ubuntu 20.04 con architettura x86_64. Non dovrebbero esserci...
Workshop: Linux Kernel Exploitation 101 – Part 1
https://youtu.be/gkXsH0eJQvY Slide: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpixMateriale utilizzato nel video (per poter replicare i lab): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3Il materiale è stato testato con Ubuntu 20.04 con architettura x86_64. Non dovrebbero esserci...
Dynamic caching: What could go wrong?
Tl;DrThe Engintron plugin for CPanel presents a default configuration which could expose applications to account takeover and / or sensitive data exposure due to cache...
Linux Kernel Exploit Development: 1day case study
Introduction I was searching for a vulnerability that permitted me to practise what I've learned in the last period on Linux Kernel Exploitation with a...
KRWX: Kernel Read Write Execute
Introduction Github project: https://github.com/kiks7/KRWX During the last few months/year I was studying and approaching the Kernel Exploitation subject and during this journey I developed few...
Intigriti XSS Challenge – December 2021
The approach to this challenge was completely different from the past two months, as the vulnerable component was on the backend, forcing us to approach...
Intigriti November XSS Challenge
The bug bounty program Intigriti hosts an XSS challenge every month. This time, the challenge was about bypassing CSP by reloading a VueJS instance, getting...
CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass
Preface As part of our recent research activity, we stumbled upon FormaLMS. The project is an open source Learning Management System built by forma.association and...
SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin
This is a brief story about how we found a vulnerability on a drupal plugin that, when not configured correctly, could allow an authenticated user...