2 min read The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks.
4 min read Are you good enough to apply for this job?
4 min read The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system.
3 min read Shocker is a retired HTB (Hack The Box) machine based on the Shellshock vulnerability. In this machine we will not use Metasploit.
3 min read In this article, we will go from an ordinary user with no rights, but who is in the docker group, to the root user by taking advantage of a misconfiguration and improper use of Docker.
2 min read Real visitor IPs in Nginx logs when using CloudFlare.
There is no excerpt because this post is protected.
3 min read Here is the write-up of the Baguette VPN n°2 challenge from the France Cybersecurity Challenge (FCSC 2021).
The goal is to retrieve the secret contained in the API.
3 min read Linux Privilege Escalation with Python Library Hijacking.
Python will prioritize the execution of our malicious module instead of the usual path.
2 min read In our example, we will forward a local port from the target machine to our Kali machine using chisel.