Recent News
CVE-2018-14665 exploit: local privilege escalation on Solaris 11
I was investigating another 0day, when I noticed that Solaris 11 is also affected by…
Universal Android SSL Pinning Bypass #2
Following the frida script published last year by Piergiovanni, we found another way to bypass…
CVE-2018-14665 exploit: local privilege escalation on OpenBSD 6.3 and 6.4
This is my take on the recent Xorg vulnerability (CVE-2018-14665): "A flaw was found in…
From query manipulation to password extraction
Recently, I analyzed an AngularJS web application that executed queries on the backend in a…
CVE-2017-10271: Oracle WebLogic Server Remote Command Execution – Sleep detection payload
Recently we faced a version of Oracle WebLogic vulnerable to CVE-2017-10271. The issue can be exploited…
Brida – A step-by-step user guide
Hi! Today we will take a step-by-step tour on how to use Brida. We…
From XML External Entity to NTLM Domain Hashes
During this article I will show how it is possible to obtain NTLM password hashes…