suidpit

Security Researcher and Penetration Tester at Shielder. Human, Chaotic Good. Disciple of Bushido & Disney.

20/09/2024

A Journey From sudo iptables To Local Privilege Escalation

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

linux research

Min

CVE-2024-26131, CVE-2024-26132 - Element Android Vulnerabilities

By suidpit & thezero

18/04/2024

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers

A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).

android CVE writeup

Min

CVE-2023-39238 - Asus Router Format String RCE

By thezero & suidpit

30/01/2024

Hunting for Unauthenticated n-days in Asus Routers

Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

RCE NDay CVE Exploit Writeup

Min

By suidpit

24/10/2023

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

RCE File Upload Exploit Writeup

Min

InfoSec Blog

suidpit