Recent Posts

Posted in Uncategorized

How spending our Saturday hacking earned us 20k

Note: I have personally archived this amazing article due to the fact that the original is no longer available. How spending our Saturday hacking earned…

Continue Reading?
Posted in Exploits Penetration Testing Web Application

ATutor 2.2.4 ‘language_import’ Arbitrary File Upload / RCE (CVE-2019-12169)

This proof of concept is demonstrating a vulnerability in ‘/mods/_core/languages/language_import.php’ that can be used to get remote code execution. The code can be modified to…

Continue Reading?
Posted in Exploits Web Application

eLabFTW 1.8.5 ‘EntityController’ Arbitrary File Upload / RCE (CVE-2019-12185)

I was doing some research last night and I discovered a vulnerability in eLabFTW 1.8.5. So I went ahead and coded a proof of concept…

Continue Reading?
Posted in Exploits Web Application

ATutor 2.2.4 ‘Backup’ Remote Command Execution (CVE-2019-12170)

ATutor-Instructor-Backup-Exploit Exploit Title: ATutor 2.2.4 ‘Backup’ Remote Command Execution Google Dork: inurl:/ATutor/login.php Date: 5/13/2019 Exploit Author: Joseph McPeters Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version:…

Continue Reading?
Posted in Penetration Testing Web Application

Deserialization Exploitation Framework

Deserializer Exploitation Framework * Enumerate the code entry points – What code does the deserializer call on my objects? * Enumerate the immediate gadget pool…

Continue Reading?
Posted in Penetration Testing

OS detection with ping

OS detection with ping: Windows TTL=128 | Linux TTL=64 | Network Equipment= Usually +200 TTL   p.s thanks ipp

Continue Reading?
Posted in Computing Security Web Application

What is Deserialization?

OWASP Description: Data which is untrusted cannot be trusted to be well formed. Malformed data or unexpected data could be used to abuse application logic,…

Continue Reading?
Posted in Computing Security INFOSEC Web Application

Portswigger’s Web Academy Review

I have had the pleasure of testing out Portswigger’s web academy here lately. I just want to say that so far I have enjoyed it….

Continue Reading?
Posted in Computing Security

Should companies make the most of blackhats and reformed hackers?

Organizations are often hesitant to access the talent pool of ex-black hats and reformed hackers. In the age of the cyber skills gap, are they…

Continue Reading?
Posted in Uncategorized

A reformed hacker shares his tips on how to stay safe online

https://www.thenational.ae/lifestyle/a-reformed-hacker-shares-his-tips-on-how-to-stay-safe-online-1.732059 Interesting… A good article. I have considered teaching an ethics class to kids or anyone who would listen. People need to be informed of…

Continue Reading?