InfoSec Blog

suidpit

Security Researcher and Penetration Tester at Shielder. Human, Chaotic Good. Disciple of Bushido & Disney.

Karmada Security Audit

By suidpit

16/01/2025

Karmada Security Audit

Karmada Security Audit, sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.

Read more

CVE OSTIF Public Report

3

Min

iptables privilege escalation

By suidpit & smaury

20/09/2024

A Journey From sudo iptables To Local Privilege Escalation

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

Read more

linux research

10

Min

CVE-2024-26131, CVE-2024-26132 - Element Android Vulnerabilities

By suidpit & thezero

18/04/2024

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers

A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).

Read more

android CVE writeup

15

Min

CVE-2023-39238 - Asus Router Format String RCE

By thezero & suidpit

30/01/2024

Hunting for Unauthenticated n-days in Asus Routers

Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

Read more

RCE NDay CVE Exploit Writeup

12

Min

CVE-2023-33466 - Orthanc RCE

By suidpit

24/10/2023

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

Read more

RCE File Upload Exploit Writeup

8

Min