InfoSec Blog

smaury

I’m Abdel Adim Oisfi aka smaury.
Job: CEO, Security Researcher, Penetration Tester at Shielder.
Passions: Hacking, hitchhiking, cliff jumping and skinned knees.

iptables privilege escalation

By suidpit & smaury

20/09/2024

A Journey From sudo iptables To Local Privilege Escalation

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

Read more

linux research

10

Min

Bref Security Audit

By smaury

29/03/2024

Bref Security Audit

Bref Security Audit, sponsored by Amazon Web Services (AWS), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.

Read more

CVE OSTIF Public Report

3

Min

How to Decrypt Manage Engine PMP Passwords

By smaury & thezero

05/09/2022

How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale

Learn how to decrypt Manage Engine Password Manager Pro (PMP) passwords after exploiting CVE-2022-35405.

Read more

reversing rce cryptography red teaming

14

Min

1-click RCE on Keybase

By smaury

27/04/2020

1-click RCE on Keybase

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

Read more

Keybase Bug Bounty RCE Exploit

5

Min

Exploiting Apache Solr through OpenCMS

By smaury

13/04/2019

Exploiting Apache Solr through OpenCMS

Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.

Read more

Exploit PoC Apache Solr XXE Encoding OpenCMS

7

Min