CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

AWS CodeBuild + S3 == Privilege Escalation

How to escalate your privileges in AWS by abusing CodeBuild and S3 permissions.

How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale

Learn how to decrypt Manage Engine Password Manager Pro (PMP) passwords after exploiting CVE-2022-35405.

Printing Fake Fiscal Receipts - An Italian Job p.2

Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

Printing Fake Fiscal Receipts - An Italian Job p.1

Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

A Sneak Peek into Smart Contracts Reversing and Emulation

Introduction to web3 security, Smart Contract Reversing (bytecode and decompiled code level) and EVM emulation with Qiling.

Reversing embedded device bootloader (U-Boot) - p.2

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

Reversing embedded device bootloader (U-Boot) - p.1

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

QilingLab – Release

Release of the QilingLab challenge.

Hunting for bugs in Telegram's animated stickers remote attack surface

polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.