Because knowledge is sharing.
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDEs and editors was affected by an XXE which led to RCE, exploitable by just opening an XML file.
By thezero
19/10/2019
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.
By smaury
13/04/2019
Exploiting Apache Solr through OpenCMS
Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect to read arbitrary files from the OpenCMS server.
By polict
10/04/2019
Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.
By thezero
08/03/2019
WebTech, identify technologies used on websites
Release of WebTech, a recon tool for penetration tests that scans websites and identifies the technologies and frameworks in use.
By thezero
04/02/2019
Writeup for the FridaLab challenge with a basic introduction to the Frida toolkit on Android.
By smaury
31/05/2017
SOLUTION: Seeweb Hacking Contest 2017: Music Of The Atoms
Solution to Seeweb's Hacking Contest 2017 CTF: Music Of The Atoms. Find out how to solve all the #SeewebContest challenges.
By polict
26/04/2017
XSSGame by Google at #HITB2017AMS – Writeup
Walkthrough of the Google XSS Game CTF @ Hack in the Box Amsterdam 2017 (HITBAMS2017): 8 challenges to win a Nexus 5X -- find out how we won it! 🤟🏻
By smaury
02/04/2017
SOLUTION: HiB CTF 2017 Spring Edition
Solution to the HackInBo 2017 Spring Edition CTF. Find out how to solve all the challenges!
By polict
05/10/2016
Ransomware: FUD DLL via JavaScript
Analysis of some suspicious emails and extraction of the Locky ransomware payload contained in a malicious DLL.