parzel
@parzel.bsky.social
Hacker based in Berlin | Working at modzero.bsky.social | he/him
Reposted by parzel
PSA update your INSTAR cameras. Our teammate Michael Imfeld identified a critical RCE (CVE-2025-8760) on 2k+ and 4K devices. Find the advisory here:
modzero.com/en/advisorie...
modzero.com/en/advisorie...
[MZ-25-03] INSTAR 2K+ and 4K Series
modzero.com
August 14, 2025 at 1:28 PM
PSA update your INSTAR cameras. Our teammate Michael Imfeld identified a critical RCE (CVE-2025-8760) on 2k+ and 4K devices. Find the advisory here:
modzero.com/en/advisorie...
modzero.com/en/advisorie...
A colleague of mine found exposed credentials potentially granting access to Synology Teams backups. Check the full analysis and scan your tenants for IOCs. #cybersecurity #infosec #disclosure
modzero.com/en/blog/when...
modzero.com/en/blog/when...
When Backups Open Backdoors: Accessing Sensitive Cloud Data via
modzero.com
June 27, 2025 at 5:20 PM
A colleague of mine found exposed credentials potentially granting access to Synology Teams backups. Check the full analysis and scan your tenants for IOCs. #cybersecurity #infosec #disclosure
modzero.com/en/blog/when...
modzero.com/en/blog/when...
Reposted by parzel
Innenminister Dobrindt meint: Die Einstufung der AfD als „gesichert rechtsextrem” reicht nicht für ein Parteiverbot?
Kein Problem – wir legen nach: Mit unserer Belegsammlung schaffen wir die Grundlage für ein umfassendes Gutachten zum AfD-Verbotsverfahren. Mehr dazu: fragdenstaat.de/aktionen/afd...
Kein Problem – wir legen nach: Mit unserer Belegsammlung schaffen wir die Grundlage für ein umfassendes Gutachten zum AfD-Verbotsverfahren. Mehr dazu: fragdenstaat.de/aktionen/afd...
Belegsammlung für ein AfD-Verbotsverfahren
Der Verfassungsschutz stuft die AfD in seinem Gutachten als gesichert rechtsextrem ein. Das reicht nicht für ein Parteiverbot, sagt Innenminister Alexander Dobrindt. Darum übernehmen wir nun den Job u...
fragdenstaat.de
May 23, 2025 at 6:54 AM
Innenminister Dobrindt meint: Die Einstufung der AfD als „gesichert rechtsextrem” reicht nicht für ein Parteiverbot?
Kein Problem – wir legen nach: Mit unserer Belegsammlung schaffen wir die Grundlage für ein umfassendes Gutachten zum AfD-Verbotsverfahren. Mehr dazu: fragdenstaat.de/aktionen/afd...
Kein Problem – wir legen nach: Mit unserer Belegsammlung schaffen wir die Grundlage für ein umfassendes Gutachten zum AfD-Verbotsverfahren. Mehr dazu: fragdenstaat.de/aktionen/afd...
Reposted by parzel
Both defenders and red teamers will be interested in this tool drop and deep dive into psexec from Aurélien.
He, Michael, and Reino built susinternals that makes use of the Microsoft signed psexec service binary on the host instead of the more easily flagged RemCom.
sensepost.com/blog/2025/ps...
He, Michael, and Reino built susinternals that makes use of the Microsoft signed psexec service binary on the host instead of the more easily flagged RemCom.
sensepost.com/blog/2025/ps...
SensePost | Psexec’ing the right way and why zero trust is mandatory
Leaders in Information Security
sensepost.com
February 11, 2025 at 1:22 PM
Both defenders and red teamers will be interested in this tool drop and deep dive into psexec from Aurélien.
He, Michael, and Reino built susinternals that makes use of the Microsoft signed psexec service binary on the host instead of the more easily flagged RemCom.
sensepost.com/blog/2025/ps...
He, Michael, and Reino built susinternals that makes use of the Microsoft signed psexec service binary on the host instead of the more easily flagged RemCom.
sensepost.com/blog/2025/ps...
Reposted by parzel
ROPing our way to “Yay, RCE” - and a lesson in the importance of a good nights sleep!
Follow our Colleague Michaels journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http
modzero.com/en/blog/ropi...
Follow our Colleague Michaels journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http
modzero.com/en/blog/ropi...
ROPing our way to RCE
modzero.com
February 7, 2025 at 5:10 PM
ROPing our way to “Yay, RCE” - and a lesson in the importance of a good nights sleep!
Follow our Colleague Michaels journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http
modzero.com/en/blog/ropi...
Follow our Colleague Michaels journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http
modzero.com/en/blog/ropi...
Reposted by parzel
NEU: Hier ist das geheime Verfassungsschutz-Gutachten zur AfD in voller Länge. Fast 5000 Quellen hat die Behörde in den vergangenen Jahren ausgewertet, jetzt hat @netzpolitik.org das Gutachten veröffentlicht.
Verdachtsfall Rechtsextremismus: Wir veröffentlichen das 1.000-seitige Verfassungsschutz-Gutachten zur AfD
Die Alternative für Deutschland steht im Verdacht, rechtsextrem und verfassungsfeindlich zu sein. Der Verfassungsschutz beobachtet die Partei und hat ein ausführliches Gutachten erstellt. Wir veröffen...
netzpolitik.org
February 3, 2025 at 6:30 AM
NEU: Hier ist das geheime Verfassungsschutz-Gutachten zur AfD in voller Länge. Fast 5000 Quellen hat die Behörde in den vergangenen Jahren ausgewertet, jetzt hat @netzpolitik.org das Gutachten veröffentlicht.
Reposted by parzel
In Chrome:
Object.values(this)[165].bind(this)()
Object.values(this)[165].bind(this)()
January 27, 2025 at 4:41 PM
In Chrome:
Object.values(this)[165].bind(this)()
Object.values(this)[165].bind(this)()
Reposted by parzel
This is a great post on bug bounty reddit!
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
January 24, 2025 at 2:14 PM
This is a great post on bug bounty reddit!
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
Reposted by parzel
Issue #2 joined the 'over 100K downloads' club. All thanks to you!
Now Issue #4 is applying for a membership there, and it's not far from getting in :)
Want to help? Tell your friends about us!
pagedout.institute
Now Issue #4 is applying for a membership there, and it's not far from getting in :)
Want to help? Tell your friends about us!
pagedout.institute
Paged Out!
pagedout.institute
January 14, 2025 at 8:37 AM
Issue #2 joined the 'over 100K downloads' club. All thanks to you!
Now Issue #4 is applying for a membership there, and it's not far from getting in :)
Want to help? Tell your friends about us!
pagedout.institute
Now Issue #4 is applying for a membership there, and it's not far from getting in :)
Want to help? Tell your friends about us!
pagedout.institute
I wrote a blog post about SSTI in Thymelaf - hopefully it helps some people pentesting up-to-date Spring Boot applications :)
We broke something:
in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application
We wrote it down for you to try at home:
modzero.com/en/blog/spri...
in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application
We wrote it down for you to try at home:
modzero.com/en/blog/spri...
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
modzero.com
January 11, 2025 at 11:47 AM
I wrote a blog post about SSTI in Thymelaf - hopefully it helps some people pentesting up-to-date Spring Boot applications :)
Reposted by parzel
(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
January 7, 2025 at 7:41 AM
(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
Reposted by parzel
My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. 🎉🥳
+ Commentary video featuring SuperFashi, where we review the chals together.
* 45 hours of content
* 400+ GB of raw footage
Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
+ Commentary video featuring SuperFashi, where we review the chals together.
* 45 hours of content
* 400+ GB of raw footage
Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
Flare-On 2024 Solutions and Commentary
YouTube video by BasteG0d69
www.youtube.com
December 25, 2024 at 11:58 PM
My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. 🎉🥳
+ Commentary video featuring SuperFashi, where we review the chals together.
* 45 hours of content
* 400+ GB of raw footage
Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
+ Commentary video featuring SuperFashi, where we review the chals together.
* 45 hours of content
* 400+ GB of raw footage
Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
Reposted by parzel
December 24, 2024 at 12:13 AM
Reposted by parzel
Announcing GitHub Copilot Free!
A new free tier for GitHub Copilot, available for everyone today in VS Code.
No trial. No subscription. No credit card required.
Learn more in our blog: aka.ms/copilot-free
A new free tier for GitHub Copilot, available for everyone today in VS Code.
No trial. No subscription. No credit card required.
Learn more in our blog: aka.ms/copilot-free
December 18, 2024 at 6:28 PM
Announcing GitHub Copilot Free!
A new free tier for GitHub Copilot, available for everyone today in VS Code.
No trial. No subscription. No credit card required.
Learn more in our blog: aka.ms/copilot-free
A new free tier for GitHub Copilot, available for everyone today in VS Code.
No trial. No subscription. No credit card required.
Learn more in our blog: aka.ms/copilot-free
Reposted by parzel
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
November 26, 2024 at 11:57 PM
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
I can highly recommend Shazzer from @garethheyes.co.uk, such a great tool for XSS research!
Digging for XSS Gold: Unearthing Browser Quirks with Shazzer
YouTube video by PortSwigger
www.youtube.com
November 27, 2024 at 9:11 AM
I can highly recommend Shazzer from @garethheyes.co.uk, such a great tool for XSS research!
Reposted by parzel
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win& Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win& Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
November 25, 2024 at 5:31 PM
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win& Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win& Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
Reposted by parzel
Hello Bluesky 👋
We are an IT security company. Our team consists of like-minded hackers located in Germany and Switzerland.
Our core areas of expertise are comprehensive technical security analyses, penetration tests and red teaming services.
Want to learn more about us?
Check: modzero.com/en/
We are an IT security company. Our team consists of like-minded hackers located in Germany and Switzerland.
Our core areas of expertise are comprehensive technical security analyses, penetration tests and red teaming services.
Want to learn more about us?
Check: modzero.com/en/
In-depth IT Security
modzero.com
November 21, 2024 at 2:21 PM
Hello Bluesky 👋
We are an IT security company. Our team consists of like-minded hackers located in Germany and Switzerland.
Our core areas of expertise are comprehensive technical security analyses, penetration tests and red teaming services.
Want to learn more about us?
Check: modzero.com/en/
We are an IT security company. Our team consists of like-minded hackers located in Germany and Switzerland.
Our core areas of expertise are comprehensive technical security analyses, penetration tests and red teaming services.
Want to learn more about us?
Check: modzero.com/en/
During a #redteam at @modzero.bsky.social we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here:
itm4n.github.io/printnightma...
#itsec
itm4n.github.io/printnightma...
#itsec
The PrintNightmare is not Over Yet
Following the publication of my blog post A Practical Guide to PrintNightmare in 2024, a few people brought to my attention that there was a way to bypass the Point and Print (PnP) restrictions recomm...
itm4n.github.io
November 17, 2024 at 3:11 PM
During a #redteam at @modzero.bsky.social we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here:
itm4n.github.io/printnightma...
#itsec
itm4n.github.io/printnightma...
#itsec