Blogs

Exploitation walkthrough of a tricky stack-based buffer overflow over the IFT TLS VPN protocol

Initial analysis of a pre-auth RCE vulnerability discovered in the Ivanti IFT TLS VPN protocol

CVE-2024-50623 is an arbitrary file read and write in Cleo that leads to pre-auth RCE

Reverse engineering, authentication bypass and eventually 0day discovery in the FortiManager FGFM network protocol

A critical .NET deserialization vulnerability discovered in the Citrix Session Recording feature and how to trigger it pre-auth

Ivanti just pushed a patch for a critical CVSS 9.8 remote code execution vulnerability that I reported on May 1st 2024, impacting Ivanti Endpoint Manager (EPM)

Chaining three vulnerabilities in Veeam Backup and Replication to achieve pre-auth RCE over .NET Remoting

I discovered an unauthenticated against the latest version of Progress WhatsUp Gold and turned it into an authentication bypass. This is the story of CVE-2024-6670

I discovered an unauthenticated path traversal against the latest version of Progress WhatsUp Gold and turned it into a pre-auth RCE. Following is how I did it; this is the story of CVE-2024-4885

Using a path traversal vulnerability to achieve remote code execution: this is the story of CVE-2024-4883, a pre-auth RCE against Progress WhatsUp Gold

Let's analyze a privilege escalation which I found targeting Progress WhatsUp Gold. This is the story of CVE-2024-5009

A creative authentication bypass technique that we discovered in MOVEit Transfer, yet another .NET Exploitation Technique

This vulnerability is due to the fact that the JWT secret used to generate authentication tokens was a hardcoded value, which means an unauthenticated attacker can generate valid tokens for any user (not just the administrator) and log in to the Veeam Recovery Orchestrator.

An interesting authentication bypass exploit in Veeam Backup Enterprise Manager

Yet another interesting PHP issue for the lolz

Discovering a zero-day authentication bypass and chaining a .NET deserialization to achieve pre-auth RCE on Progress Report Server

VMware Aria Operations for Networks Static SSH key RCE (CVE-2023-34039)

An interesting case of Pre-authenticated RCE in VMware vRealize Network Insight (CVE-2023-20887)

Discovering a Pre-Auth Java Deserialization to Remote Code Execution in VMware NSX Manager

Exploiting three different .NET vulnerabilities in Veeam Backup and Replication: CVE-2022-26503, CVE-2022-26504, CVE-2022-26500, CVE-2022-26501