Milot's Braindump

Dirty Frag (CVE-2026-43284 / CVE-2026-43500): One Bug Class, Two New Sinks, One Patch Missing

Note: All testing described in this post was conducted on systems we own. The exploit code referenced is publicly disclosed by the original researcher Hyunwoo Kim (@v4bel) at github.com/V4bel/dirtyfrag, after the disclosure embargo was broken by an unrelated third party. The embargo, the quiet window between a

Copy Fail (CVE-2026-31431): When the File on Disk Is Not the File You Run

Note: All testing described in this post was conducted on systems we own or were authorized to test. The exploit code referenced is publicly disclosed by the original researchers, Theori and Xint, at https://copy.fail. For more, read the disclaimer here. Theori and Xint disclosed Copy Fail on April

Full Stack or Full Stop: The Dangerous Gaps in Modern Enterprise Security

During an authorized security engagement, my team and I accessed a client's entire production environment, starting from just a forgotten server login. This "pivot machine" allowed us direct entry to backend systems. This and similar cases show that organizations focus on siloed defenses but overlook gaps

Revisiting EternalBlue (CVE-2017-0144)

Note: This has been a part of a controlled environment with permission during a competition. Please refer to the blog's about page for the disclaimer. We want to start this one with a number: nine. That is how many years have passed since the patch for this vulnerability

Revisiting Log4Shell

Note: This has been a part of a controlled environment with permission during a competition. Please refer to the blog's about page for the disclaimer. Few vulnerabilities have rattled the industry the way Log4Shell did. December 2021, a zero-day in one of the most ubiquitous Java logging libraries

Milot's Braindump © 2026