pyn3rd

@pyn3rd

Followers: 13K | Following: 3K | Media: 205 | Statuses: 823

Security Researcher & Red Team & Cloud Security. BlackHat & HITB & CanSecWest Speaker.

Leeds, England
Joined February 2016
3 months
RT @nirohfeld: We (+@sagitz_ @ronenshh @hillai) found a series of unauthenticated RCEs in core @KubernetesIO project "Ingress-NGINX". The…
5 months
It was a genuine pleasure meeting @infosec_au in Sydney and receiving your insightful advice and valuable information. Thank you! Hope to see you again soon!
6 months
RT @artsploit: Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RC…
6 months
I truly appreciate @albinowax's kind help in adding both my blog and slides to Web Hacking Techniques 2024. Thank you so much!
7 months
#CVE-2024-49194 Databricks JDBC Driver via JAAS, Make JDBC Attack Great Again!! I’ve included the link to my write-up below. Enjoy!!
7 months
Activiti is a lightweight workflow and Business Process Management (BPM) platform that supports Expression Language expressions within its flows. In this example, I demonstrate how to exploit this feature to trigger RCE in a SpringBoot environment.
8 months
Use MSSQL CLR Assembly To Bypass EDR.
8 months
XSS based on DNS CNAME Type Record
8 months
I’m developing a DNS server that responds with random IP addresses and tracks response times. It’s designed to handle a high volume of cache-miss queries for DNS caching, like a Local DNS Server.
8 months
I developed an SSH client rootkit to test EDR detection. When a user logs in, it captures the root password and sends it covertly via a DNS TKEY record. With high daily DNS traffic, EDR systems are unlikely to flag this, as analyzing every query would impact performance.
9 months
RT @tonghuaroot: Just read "Make JDBC Attacks Brilliant Again", a fantastic 3-year-old research piece that @pyn3rd recently recommended to…
9 months
#CVE-2024-21216 Weblogic Remote Code Execution via T3/IIOP
11 months
Demonstration attached here.
11 months
#CVE-2024-21733, a Tomcat HTTP Request Smuggling vulnerability, reminds me of the HeartBleed vulnerability, which had a profound impact 10 years ago. In both cases, buffer over-reading is the root cause. An attacker is overwhelmingly likely to skim sensitive data from the buffer cache.
11 months
2) Simultaneously, on the right side, I mimicked an attacker triggering an HTTP request smuggling attack to steal sensitive data from the memory cache by exploiting buffer over-reading. This is why, to some extent, I consider that this vulnerability has been underestimated.
11 months
1) I simulated an administrator logging into the web portal normally on the left side, sending an HTTP request with their credentials in the request body.
11 months
#CVE-2024-21733 Tomcat HTTP Request Smuggling
1 year
#CVE-2024-21007 Weblogic Server Remote Code Execution
1 year
The poisoning of an open-source event indeed grabs the community’s attention. Yet, who should perform due diligence to ensure the security of a non-profit project?
1 year
After reading about the recent xz backdoor event, it spontaneously brought back memories of the Log4shell vulnerability. In 2021, I delved into the archived issues of the Log4J2 project, where I uncovered a striking issue related to the JNDI appender with the patch code attached