InfoSec Blog

smaury

I’m Abdel Adim Oisfi aka smaury.
Job: CEO, Security Researcher, Penetration Tester at Shielder.
Passions: Hacking, hitchhiking, cliff jumping and skinned knees.

How to Decrypt Manage Engine PMP Passwords

By smaury & thezero

05/09/2022

How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale

Learn how to decrypt Manage Engine Password Manager Pro (PMP) passwords after exploiting CVE-2022-35405.

Read more

reversing rce cryptography red teaming

15

Min

1-click RCE on Keybase

By smaury

27/04/2020

1-click RCE on Keybase

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

Read more

Keybase Bug Bounty RCE Exploit

5

Min

Exploiting Apache Solr through OpenCMS

By smaury

13/04/2019

Exploiting Apache Solr through OpenCMS

Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.

Read more

Exploit PoC Apache Solr XXE Encoding OpenCMS

7

Min