In 2020, a critical vulnerability was found in the GitLab server. An issue discovered in GitLab CE/EE (Community … [Read More...]
Featured Articles
Remote Code Execution
We create our own sample server application and explain how to use Remote Code Execution RCE. Remote Code Execution is … [Read More...]
HTTP Request Smuggling – Apache APISIX RCE
Recently, Apache APISIX officially released a security bulletin, disclosing an RCE (Remote Code Execution) vulnerability … [Read More...]
Editorial Picks
Remote Code Execution
We create our own sample server application and explain how to use Remote Code Execution RCE. Remote Code Execution is … [Read More...]
Python DDoS Scripting
How to DDoS with Python. We setup a sever with vulnerability and create an exploit that we will script together. We … [Read More...]
Cryptojacking: a hands-on guide for pentesters
Because attackers continuously devise new schemes for monetizing hacked machines, cryptojacking has emerged as one of … [Read More...]
Latest Blog Updates
Loading...GitLab File Read RCE
In 2020, a critical vulnerability was found in the GitLab server. An issue discovered in GitLab CE/EE (Community Edition/Enterprise Edition) versions 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects. This path traversal bug leads to the arbitrary file read via the UploadsRewriter and RCE (Remote Command Execution) on the vulnerable server. This vulnerability of GitLab File Read RCE maps to CVE-2020-10977 and critical status since the attacker does not need any special rights in the system. What is GitLab GitLab Community Edition (CE) is an open-source end-to-end software … [Read More...]
Remote Code Execution
We create our own sample server application and explain how to use Remote Code Execution RCE. Remote Code Execution is when you get the server to execute code remotely. Jesus walks us along in creating a sample backup application using python with a flaw within it that we then exploit. … [Read More...]
HTTP Request Smuggling – Apache APISIX RCE
Recently, Apache APISIX officially released a security bulletin, disclosing an RCE (Remote Code Execution) vulnerability (CVE-2022-24112) in Apache APISIX versions prior to 2.12.1. The vulnerability is exploited using the HTTP Request Smuggling technique by rewriting a request header and achieving Apache APISIX RCE. Apache APISIX Apache APISIX is a dynamic, real-time, high-performance API Gateway. It lets you build Cloud-Native Microservices API gateways, delivering the ultimate performance, security, open-source and scalable platform for all your APIs and microservices. APISIX API Gateway provides rich … [Read More...]
Hacking elections in modern democracies
Around the world, democracy is facing a moment of crisis. Whether from the rise of oligarchs and strongmen leaders, or the decline of civil society in the West. But there's also a new threat that free societies never had to face until recently: hacking. Why? Because countries aim to attack their enemies by harming the basis of their civil societies. In other words, enemies are attacking the fabric of their enemies' nations. For free countries, this means they spread doubt about voting and elections. It's a powerful tool against the public trust. If people are out there hacking elections, how do you know that your … [Read More...]
Smishing attack: What it is and how to prevent it
What is Smishing? Smishing attacks are when a phishing attack occurs over text messages (such as WhatsApp or SMS, which is where the name comes from). Sounds simple, right? Yet the smartphone environment opens up a whole new world of opportunity for phishing attacks. For example, phone numbers don't have the same security level as modern email. One example: spoofing a phone number is too easy. So you can pretend to be someone else. Also, you can convince phone companies just to give you someone else's number! This is a common attack that we in the infosec space call SIM swapping. This is also how hackers … [Read More...]
Become a Member
