0xjdow.bsky.social
@0xjdow.bsky.social
Incoherent offsec retweets, hacking @ Scorpion Labs
Reposted
From SSRF discovery to RCE exploitation in 32 iterations.

XBOW systematically analyzed TiTiler's expression parser, discovered Python execution through error patterns, then crafted payloads using subclass traversal to achieve command execution.

Complete analysis: bit.ly/46XzOiA
XBOW – Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution
A methodical analysis of TiTiler's API endpoints and its expression parser, leading to arbitrary Python code execution on the server.
bit.ly
July 24, 2025 at 2:18 PM
Reposted
Where do the Ads in Trackmania come from? In-game ads and reverse engineering tips in this mini-post from Jordan
www.atredis.com/blog/2025/5/...
A Peek into an In-Game Ad Client — Atredis Partners
A little bit ago I re-installed the racing game Trackmania, and I noticed I got product ads displayed at me in-game alongside the racetrack. Where were those coming from?
www.atredis.com
May 27, 2025 at 10:02 PM
Reposted
My blog post on some vulns in GFI MailEssentials

frycos.github.io/vulns4free/2...
GFI MailEssentials - Yet Another .NET Target
What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.
frycos.github.io
April 28, 2025 at 5:34 PM
Reposted
We recently discovered a local privilege escalation in Kolide; it impacts Kolide >= 1.5.3, < 1.12.3 on Windows machines. Check out our full disclosure here
advisories/ATREDIS-2025-0001.md at master · atredispartners/advisories
Atredis Partners Security Advisories. Contribute to atredispartners/advisories development by creating an account on GitHub.
buff.ly
March 14, 2025 at 7:48 PM
Reposted
We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.

portswigger.net/research/sha...
February 20, 2025 at 1:24 PM
Reposted
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 4, 2025 at 3:02 PM
Reposted
New blog post with @shubs.io:

We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.

Full post here: samcurry.net/hacking-subaru
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United State...
samcurry.net
January 23, 2025 at 5:44 PM
Reposted
In the Miami airport. Oohh… Aahhh.
December 20, 2024 at 9:51 PM
Reposted
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
November 26, 2024 at 11:57 PM
Reposted
My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
November 27, 2024 at 9:10 AM
Reposted
I've just rewritten ActiveScan++ in Java to lay the foundation for some major enhancements. It's not in the BApp store yet but if you'd like to take it for a spin you can grab it here:
github.com/albinowax/Ac...
GitHub - albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin
ActiveScan++ Burp Suite Plugin. Contribute to albinowax/ActiveScanPlusPlus development by creating an account on GitHub.
github.com
December 3, 2024 at 12:53 PM
Reposted
if you don't know who your friend group's game server person is, you might be the game server person
Shoutout to @tailscale.com. As the "game server guy" in my friend group, it has sure made things a lot easier to get us all connected in game without punching holes in my FW. #quake #ut2k4
November 22, 2024 at 8:49 PM
Reposted
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...
November 22, 2024 at 5:50 AM
Reposted
As a welcome gift, here is a Black Friday discount of 50% OFF for my online platform!

mr.un1k0d3r.online/training/blu...

You’ll get access to both the training and the coding class for 50% OFF. This offer ends on Sunday.

#redteam #pentest #blackfriday
Mr.Un1k0d3r Offensive Red Team Training
mr.un1k0d3r.online
November 15, 2024 at 5:25 PM
Reposted
Added the "safe" OR-based payloads to my SQL injection cheatsheet: tib3rius.com/sqli#safe-or-based-payloads

Video explanation here if you missed it: youtu.be/EpCA4HF-aUM

Still looking for an MSSQL one or a more reliable SQLite one, if anyone wants to help out. 👀
November 15, 2024 at 12:00 PM
Reposted
Tomorrow, 10am, BinaryFormatter dies.
November 12, 2024 at 4:19 AM
Reposted
2023's top exploited vulnerabilities -- via the Five Eyes cybersecurity agencies

www.cisa.gov/news-events/...
November 12, 2024 at 4:43 PM
Reposted
Starter packs are useful, but they are hard to find 🔍

Here's five of them, all related to infosec and cyber 🎁
November 7, 2024 at 7:37 PM
Reposted
Bluehat talks are up www.youtube.com/playlist?lis...
November 11, 2024 at 8:24 PM
Reposted
For the new folks, Bsky felt alive for me after following 200+ people which I found by looking for “starter packs” like the one I link here. Make sure you complete your profile with image/description, post, be generous with likes so people know you are reading their posts.
bsky.app/profile/matt...
Reminder that this is Bluesky and not Xitter.

Don't expect 50 million impressions per day because nothing is driving traffic to you except followers and reskeets.
November 11, 2024 at 2:08 AM