Ayoub ELMOKHTAR
ayoubmokhtar.bsky.social
senior offsec engineering / redteam at Noon - ayoubmokhtar.com
Reposted by Ayoub ELMOKHTAR
We recently focused on CVE-2024-8534, a vulnerability that can cause DoS or memory corruption, pre-auth on Citrix NetScaler. You can read our research and analysis here: www.assetnote.io/resources/re...
Citrix Denial of Service: Analysis of CVE-2024-8534
An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.
December 12, 2024 at 1:32 PM
Reposted by Ayoub ELMOKHTAR
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...
November 22, 2024 at 5:50 AM
Reposted by Ayoub ELMOKHTAR
Great article about multipart parsing. Reminds me about the bypasses I found in modsec parser medium.com/@terjanq/waf...
November 19, 2024 at 1:13 PM
Reposted by Ayoub ELMOKHTAR
Read all about how we made web security measurable at Google! Security signals have allowed us to massively scale our web security program and enabled us to deploy security features like CSP or Trusted Types at scale!
November 17, 2024 at 6:00 PM