𝚑𝚐𝟾
@hg8.sh
Security Researcher & Privacy Activist.

DMs are welcome for any questions.

--
Website: https://hg8.sh
Post history on Twitter: @_hg8_
"CVE-2025-32463: sudo local privilege escalation via chroot option"

An attacker can leverage sudo's -R (--chroot) option to run
arbitrary commands as root, even if they are not listed in the sudoers file.

Sudo versions 1.9.14 to 1.9.17 affected.

www.openwall.com/lists/oss-se... #infosec #cve
July 2, 2025 at 7:40 AM
"TensorFlow Remote Code Execution with Malicious Model"

Old technique but good writeup

splint.gitbook.io/cyberblog/se... #ctf #tensorflow #ai #infosec
TensorFlow Remote Code Execution with Malicious Model | CyberBlog
The purpose of this article is to show how to get RCE when a crafted malicious Tensorflow model is loaded. Remember all of this is for educational purposes only! Don't be mean!
splint.gitbook.io
June 25, 2025 at 6:21 PM
"Funky chunks: abusing ambiguous chunk line terminators for request smuggling"

w4ke.info/2025/06/18/f... #infosec
June 19, 2025 at 8:44 AM
"Getting RCE on Monero forums with wrapwrap"

Cool finding. This would make a cool CTF challenge 👍

swap.gs/posts/monero... #rce #ctf
June 12, 2025 at 6:04 PM
"Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection"

Another good potential for a CTF challenge! 👀

karmainsecurity.com/riding-the-t... #infosec #rce #ctf
Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
karmainsecurity.com
June 9, 2025 at 8:06 AM
"Weaponizing Dependabot: Pwn Request at its finest"

TL;DR: Through "Confused Deputy" attacks, Dependabot (and other GitHub bots) can be tricked into merging malicious code. It can escalate to full command injection via crafted branch names.

boostsecurity.io/blog/weaponi... #infosec
Weaponizing Dependabot: Pwn Request at its finest
Learn how Dependabot can be co-opted to exploit some sensitive workflows, through the Confused Deputy Problem and branch name injections.
boostsecurity.io
June 6, 2025 at 5:34 PM
"Root Shell on Credit Card Terminal"

stefan-gloor.ch/yomani-hack #infosec #re #reverseengineering
June 4, 2025 at 7:51 AM
"From Reverse Engineering to Cheat Development: Internal Game Hacks with AssaultCube"

Bit outdated (DirectX9) but still some very valuable info and a great writeup 👍

adminions.ca/books/articl... #infosec #re
Part 2 - From Reverse ... | ADMinions
Introduction In this guide, we’ll walk step-by-step through building a fully functional internal che...
adminions.ca
May 29, 2025 at 7:55 AM
"Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817)"

That will make a nice CTF challenge ^

www.8com.de/cyber-securi... #infosec #cve #rce
May 28, 2025 at 8:21 AM
"GitHub MCP Exploited: Accessing private repositories via Model Context Protocol"

invariantlabs.ai/blog/mcp-git...
GitHub MCP Exploited: Accessing private repositories via MCP
We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security ...
invariantlabs.ai
May 28, 2025 at 8:19 AM
"Uncovering a crazy privilege escalation from Chrome extensions - CVE-2023-4369" (2023)

0x44.xyz/blog/cve-202... #infosec #cve #privesc
Uncovering a crazy privilege escalation from Chrome extensions
What's the worst thing a Chrome extension could do to you?
0x44.xyz
May 28, 2025 at 8:18 AM
ZathuraDbg: An emulation based tool for learning and debugging assembly.

github.com/ZathuraDbg/Z... #infosec
May 22, 2025 at 4:53 PM
"Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection"

arxiv.org/pdf/2302.12173
May 21, 2025 at 3:34 PM
"An Introduction to Google's Approach for Secure AI Agents"

research.google/pubs/an-intr... #infosec
May 21, 2025 at 9:18 AM
Reposted by 𝚑𝚐𝟾
Three Trail of Bits engineers audited core Go cryptography for a month and found only one low-sev security issue... in unsupported Go+BoringCrypto! 🍾

Years of efforts on testing, limiting complexity, safe APIs, and readability have paid off! ✨

Yes I am taking a victory lap. No I am not sorry. 🏆
Go Cryptography Security Audit
Go's cryptography libraries underwent an audit by Trail of Bits. Read more about the scope and results.
go.dev
May 19, 2025 at 7:08 PM
"DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage's archive server"

micahflee.com/ddosecrets-p...
DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage's archive server
This morning, Distributed Denial of Secrets published 410 GB of data hacked from TeleMessage, the Israeli firm that makes modified versions of Signal, WhatsApp, Telegram, and WeChat that centrally arc...
micahflee.com
May 20, 2025 at 10:36 AM
"Dolla dolla bill, y'all" - Reverse engineering a banknote validator.

something.fromnothing.blog/posts/dolla-... #infosec #reverseengineering
May 19, 2025 at 8:28 AM
"Statistical Analysis to Detect Uncommon Code (2023)"

synthesis.to/2023/01/26/u...
May 19, 2025 at 8:14 AM
"Skitnet (Bossnet) Malware Analysis"

catalyst.prodaft.com/public/repor... #infosec #malware
May 19, 2025 at 8:13 AM
"Commit Stomping: Manipulating Git Histories to Obscure the Truth"

blog.zsec.uk/commit-stomp... #infosec #redteam
May 19, 2025 at 8:11 AM
"Stateful Connection With Spoofed Source IP — NetImpostor"

Tl;Dr: Writeup reviews the technique for establishing a full stateful TCP connection with a spoofed source IP address from the same subnet using ARP poisoning.

tastypepperoni.medium.com/stateful-con... #infosec
May 18, 2025 at 9:12 AM