InfoSec Blog

polict

I’m a vulnerability researcher and exploit developer at Shielder. In my free time I enjoy backpacking 🧭

Hunting for bugs in Telegram's animated stickers remote attack surface

16/02/2021

Hunting for bugs in Telegram’s animated stickers remote attack surface

polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.

10

Min

Example CVE-2020-11579 exploit run

28/07/2020

Sometimes they come back: exfiltration through MySQL and CVE-2020-11579

Walkthrough and exploitation of MySQL LOCAL INFILE accompanied by the release of a new open-source tool to exploit similar vulnerabilities.

2

Min

Nagios XI 5.5.10 RCE exploit

10/04/2019

Nagios XI 5.5.10: XSS to #

Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.

5

Min

HITBAMS2017 XSS game by Google writeup

26/04/2017

XSSGame by Google at #HITB2017AMS – Writeup

Walkthrough of the Google XSS Game CTF @ Hack in the Box Amsterdam 2017 (HITBAMS2017): 8 challenges to win a Nexus 5X -- find out how we won it! 🤟🏻

5

Min