Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
Security
Info leaks via buffered output on HTTP redirects
Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenti...
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Running commands in a specific user context in PowerShell
Using the Invoke-Command Cmlet, you can execute a script block in the security context of a different user.
Hack the Box Write-up #2: Networked
Write-up of “Networked” from Hack The Box
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
Reading sniffed SSL/TLS traffic from curl with Wireshark
If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of y...
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...