InfoSec Blog

Perché la conoscenza

è condivisione.

NotSoSmartConfig example run

20/04/2020

NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air

Security analysis of the SmartConfig procol by Espressif and publishing of the NotSoSmartConfig tool, able to retrieve WiFi credentials from a PCAP.

4

Min

XXE to RCE via XML file opening

24/10/2019

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

6

Min

OpenStack's noVNC XSS

19/10/2019

Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack

OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.

4

Min

Exploiting Apache Solr through OpenCMS

13/04/2019

Exploiting Apache Solr through OpenCMS

Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.

7

Min

Nagios XI 5.5.10 RCE exploit

10/04/2019

Nagios XI 5.5.10: XSS to #

Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.

5

Min

Webtech Usage

08/03/2019

WebTech, identify technologies used on websites

Release of WebTech, a tool for RECON during Penetration Tests that scan websites and identify technologies and frameworks in use.

2

Min

Frida

04/02/2019

FridaLab – Writeup

Writeup for the FridaLab challenge with a basic introduction to the Frida toolkit on Android.

3

Min

Soluzione del CTF Hacking Contest 2017

31/05/2017

SOLUZIONE Seeweb Hacking Contest 2017: Music Of The Atoms

Soluzione del CTF Hacking Contest 2017: Music Of The Atoms di Seeweb. Scopri come risolvere tutte le challenge del #SeewebContest

5

Min

HITBAMS2017 XSS game by Google writeup

26/04/2017

XSSGame by Google at #HITB2017AMS – Writeup

Walkthrough of the Google XSS Game CTF @ Hack in the Box Amsterdam 2017 (HITBAMS2017): 8 challenges to win a Nexus 5X -- find out how we won it! 🤟🏻

5

Min

Soluzione del CTF di HackInBo 2017

02/04/2017

SOLUZIONE HiB CTF 2017 Spring Edition

Soluzione del CTF di HackInBo 2017 Spring Edition 2017. Scopri come risolvere tutte le challenge!

5

Min