Hunting for Unauthenticated n-days in Asus Routers

Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale

Learn how to decrypt Manage Engine Password Manager Pro (PMP) passwords after exploiting CVE-2022-35405.

1-click RCE on Keybase

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

Nagios XI 5.5.10: XSS to #

Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.