InfoSec Blog

suidpit

Security Researcher e Penetration Tester in Shielder. Umano, Caotico Buono. Seguace del Bushido e della Disney.

iptables privilege escalation

By suidpit & smaury

20/09/2024

A Journey From sudo iptables To Local Privilege Escalation

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

Leggi di più

linux research

10

Min

CVE-2024-26131, CVE-2024-26132 - Element Android Vulnerabilities

By suidpit & thezero

18/04/2024

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers

A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).

Leggi di più

android CVE writeup

15

Min

CVE-2023-39238 - Asus Router Format String RCE

By thezero & suidpit

30/01/2024

Hunting for Unauthenticated n-days in Asus Routers

Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

Leggi di più

RCE NDay CVE Exploit Writeup

12

Min

CVE-2023-33466 - Orthanc RCE

By suidpit

24/10/2023

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

Leggi di più

RCE File Upload Exploit Writeup

8

Min