PT SWARM

Channel address: @ptswarm
Categories: Technologies
Language: English
Subscribers: 2.98K
Description from channel

Positive Technologies Offensive Team: twitter.com/ptswarm
This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting

The latest Messages 13

2021-04-09 16:23:39 Contextual Content Discovery, presented at BSides Canberra, 2021.

The Assetnote team revealed their research into a novel approach to content discovery, complete with a new wordlist and a new tool.

Contents:
• Overview
• What’s wrong with content discovery?
• Content discovery tools over the years
• The lightbulb moment
• Data collection
• Finding APIs worth bruteforcing
• Preliminary results
• How do I use the tool?
• Conclusion
• Credits

https://blog.assetnote.io/2021/04/05/contextual-content-discovery/
2021-04-06 17:08:54 YouTube private & unlisted video leak bug-bounty claimed by @xdavidhu. All of the juicy technical details bound together with the thought process behind finding this bug:

https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
2021-04-03 13:45:13 "Who Contains the Containers" - @tiraniddo discovered 4 Windows Server Container jailbreaks; Microsoft to NOT support them as a security boundary.

Contents:
• Windows Containers Background
• Origins of the Research
• Research Process
• A Little Bit of Reverse Engineering
• Chaining the Exploits
• Getting the Issues Fixed
• Conclusions

https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html
2021-04-02 18:15:19 Wormable 0-click macOS Mail arbitrary file write by @Turmio_; allowed the modification of victim's Mail configuration, e.g. setting mail redirects for password recovery, sensitive information disclosure, self-propagation via signature.

https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c
2021-04-01 21:35:47
VMware fixed an authentication bypass (CVE-2021-21982) in Carbon Black Cloud Workload appliance found by our researcher Egor Dimitrenko.

CVSS: 9.1

Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0005.html
2021-03-30 22:05:12
VMware fixed CVE-2021-21975 and CVE-2021-21983, which when chained together lead to an unauth RCE in vRealize Operations.

The vulnerabilities were found by our researcher Egor Dimitrenko.

Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0004.html
2021-03-29 20:07:14 This blog post will describe a class of vulnerability detected in several SSO services assessed by NCC Group, specifically affecting Security Assertion Markup Language (SAML) implementations. The flaw could allow an attacker to modify SAML responses generated by an Identity Provider, and thereby gain unauthorized access to arbitrary user accounts, or to escalate privileges within an application.

Exploit techniques:
• Attribute injections – where the injection occurs in a SAML attribute associated with the account in the Identity Provider.
• InResponseTo injections – where the injection affects the “InResponseTo” attribute of the SAML response.

https://research.nccgroup.com/2021/03/29/saml-xml-injection/
2021-03-25 17:25:29
Rocket.Chat fixed a persistent XSS found by our researcher Igor Sak-Sakovskiy.

The vulnerability was triggered by sending a text message, resulting in an arbitrary file read or RCE on the recipient's desktop system.

https://hackerone.com/reports/1014459
2021-03-25 10:21:24 Three brand new OAuth2 and OpenID Connect vulnerabilities discovered by @artsploit with demos on MITREid Connect and ForgeRock OpenAM implementations.

Contents:
• Dynamic Client Registration - SSRF by design (CVE-2021-26715)
• "redirect_uri" Session Poisoning (CVE-2021-27582)
• "/.well-known/webfinger" makes all user names well-known

https://portswigger.net/research/hidden-oauth-attack-vectors
2021-03-24 14:31:49 "H2C Smuggling in the Wild" by @seanyeoh takes a look at real-world WAF, routing, and access control bypasses in different cloud environments.

Contents:
• HTTP2 Over Cleartext (H2C)
• Exploitation
• Cloudflare
• Azure
• Google Cloud Platform
• Other Cloud Providers
• Takeaways on Security Research
• Assetnote

https://blog.assetnote.io/2021/03/18/h2c-smuggling/