Charles Fol
@cfreal_
@Synacktiv – previously @ambionics @LexfoSecurite – blogs: https://t.co/cLoNdCGPU7 https://t.co/JVMLjUzTJU https://t.co/t9a5IcOXSU
Joined July 2018
The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very stable code execution exploit from a file read primitive. #cnext
Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961)
🔔 New research from Lexfo on pre- & post-authentication vulnerabilities in WSO2 products — uncovering bypasses, RCE, SSRF, CSRF, and account-takeover risks. See our detailed article → https://t.co/1jNmsIhdZl
#cybersecurity #infosec #offensivesecurity #pentest #WSO2
blog.lexfo.fr
Uncovering bypasses, RCE, SSRF, CSRF, and account-takeover vulnerabilities in WSO2 products.
This article by Nicolas Stefanski at Synacktiv provides a high quality technical overview of our hardened_malloc project used in GrapheneOS: https://t.co/VmpQGTZSDE It has great coverage of the memory layout, memory tagging integration, slab quarantines and allocation approach.
synacktiv.com
Exploring GrapheneOS secure allocator: Hardened Malloc
lightyear just got 6 times faster! Although I now work at @Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file. Dumping the demo /etc/passwd now takes 48s instead of 5m30. https://t.co/d7n4baN12a
github.com
lightyear is a tool to dump files in tedious (blind) conditions using PHP filters - ambionics/lightyear
Check out our first blog post about V8 CVE-2024-12695:
bugscale.ch
Bug 383647255 was reported to the Chromium bug tracker on December 12, 2024. In this article, we will look at the root cause of this vulnerability and walk through how it can be exploited to achieve...
Just finished my talk at #securityfest, you can find all the details in my latest blog post:
🚨 New unauthenticated #RCE module for vBulletin 5.1.0-6.0.3 landed in Metasploit! No CVE assigned, but credit to Egidio Romano (EgiX) for the original write-up: https://t.co/qxmvpU6l43 🔗 PR: https://t.co/j1G7wp2L9Z
Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). https://t.co/Djr5KdvCH5
The subtitle of this blog is "a plea to security news outlets to please do their due diligence before slapping 'exploited in the wild' headlines on new CVEs"
rapid7.com
Apache Tomcat CVE-2025-24813: What You Need to Know | Rapid7 Blog
#vulhub #CyberSecurity #opensource #infosec Announcing some exciting news from the Vulhub project! We've been busy making big improvements: 1⃣. Completely rebuilt our website from the ground up! Check it out: https://t.co/fMkOD9YXuL
Passionate about hacking & cybersecurity? Airbus is looking for a Vulnerability Research & Exploitation Specialist in France! 💻 Reverse engineering, Red Teaming ✈️Join a global aerospace & defense leader Apply now! 🚀 https://t.co/wheJECIvtJ
Great new PHP research, especially since it uses both wrapwrap and lightyear!
🔥 The "impossible" XXE in PHP? Not so impossible anymore. Our researcher Aleksandr Zhurnakov discovered an interesting combination of PHP wrappers and a feature of XML parsing in libxml2 to exploit it. Read: https://t.co/GuW2Vf5qLN
#ten (and thus my exploits) is now compatible with python 3.13. Thanks @acervoise for the heads up.
This year again, I am lucky enough to get nominated twice for the Top Ten Hacking Techniques, for my research on iconv and PHP, and lightyear. This time feels a bit special however, as these are my last blog posts on @ambionics. https://t.co/arnuvdqxCq
https://t.co/8mcXRSfKSt
ambionics.io
In this blog post, we describe new techniques to dump files in PHP leveraging filters, and a tool that does it, lightyear.
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here:
🧵My latest blog post is live 🔥 Read it to learn what SafeMarshal is and *two* very different ways to escape and get RCE! https://t.co/OxRAkwhFp7
🔐 CVE-2024-50340: Ability to change environment from query ➡️ https://t.co/ittWVy2JjE
#symfony
symfony.com
CVE-2024-50340: Ability to change environment from query
LIGHTYEAR:
- Can dump large files, even through a GET parameter
- Retrieves characters using dichotomy
- Does not cause PHP warnings
We're proud to announce LIGHTYEAR, a tool that lets you dump files, blind, in PHP, based on a new algorithm. https://t.co/GG4tSNnUCf