White Papers
-
BIG-IP Remote Code Execution Vulnerability
The Vulnerability For F5’s iControl REST services, a user automatically gets access to REST resources but will need…
-
Policykit Exploitation
Introduction A Linux component called PolicyKit (also known as Polkit) is a component used in many Unix-based operating…
-
Supply Chain Attacks: A WordPress Case Study
Supply chain attacks have gained massively increasing attention recently, with the hugely notable cases of SolarWinds in 2020…
-
MouseJacking
Introduction With advances in wireless technologies, it’s becoming common to incorporate wireless technologies into everyday items, an example…
-
Password Cracking
BackStory For in-person infrastructure/network testing, it’s not feasible to carry around large power-hungry GPU servers; but Windows regularly…
-
Dirty Pipe (CVE-2022-0847)
Introduction ‘Dirty Pipe’ is a vulnerability and exploit, discovered by Max Kellermen, that allows for local privilege escalation…
-
Uber / Rockstar Hack
What We Know In the third quarter of 2022, information indicating potential data breaches at both Uber and…
-
ProxyNotShell in a NutShell
Introduction ProxyNotShell is composed of two CVEs, which allow for authenticated remote code execution in Microsoft Exchange versions:…
-
Binary Exploitation Techniques
Introduction ‘Low-level memory exploitation’ involves leveraging memory implementation flaws to access restricted data, elevate privileges or gain remote…