ϻг_ϻε

General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners [this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We…

Command & Conquer'd: worming RCEs through a classic multiplayer game. Check out the full writeup from our @districtcon.bsky.social Junkyard submission here:
www.atredis.com/blog/2026/1/...
By @droner.bsky.social and @jordan9001.bsky.social

#Security #modding #rce

Oh I nearly forgot about this platform

@steven.srcincite.io did some cool stuff, check it out!

srcincite.io/blog/2026/01...

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).

github.blog/security/sig...

A close-in image of a protoplanetary disc around a newly formed star. Many different wavelengths of light are combined and represented by separate and various colors. A dark line across the center is the disc, made of opaque dust: the star is hidden in here and creates a strong glow in the center. A band going straight up is a jet, while other outflows form flares above and below the disc, and a tail coming off to one side.

NEW JWST IMAGE SHOWING A PROTOPLANETARY DISK AROUND A NEWLY FORMED STAR!!! 🤩

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...

This is what I love about Chris, authenticity: muffsec.com/blog/abstain.... Btw I couldn’t agree more with his conclusion about the event.

Bitcoin is enemy of culture because it introduces monetary incentive where only prestige belongs.

I wrote a PoC for the recent Ivanti Connect Secure stack buffer overflow, CVE-2025-0282, based on the exploitation strategy watchTowr published, along with an assessment of exploitability given the lack of a suitable info leak to break ASLR: attackerkb.com/assessments/...

What's the point of being rich if you can't afford to do the right thing.

Top ten web hacking techniques of 2024: nominations open Nominations are now open for the top 10 new web hacking techniques of 2024! Every year, security researchers from all over the world share their latest findings via blog posts, presentations, PoCs, an

Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here:
portswigger.net/research/top...

Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click

project-zero.issues.chromium.org/issues/36869...

Aleph Bass — an aleph bet song by Darshan :: אלף בית – דרשן YouTube video by Darshan Project

youtu.be/a6EnyQ0Dy50?...

Positive Technologies published two scenarios they encountered during pentests, where they pivot to the internal network thanks to an Internet-facing Exchange server and its numerous SSRF vectors 💎

Nice fail troll

TIL how easy it is to ask curl to dump TLS session keys to disk 🛠️

Simply set the environment variable `SSLKEYLOGFILE=/path/to/file` 😅 Note: it also works for Firefox and Chrome

Extremely useful when combined with Wireshark 👍

CVE-2024-12727 Sophos coming in with an unauthenticated SQLi in their firewall appliance 👏

PentesterLab Blog: Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150 Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.

These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com pentesterlab.com/blog/jwt-alg... & pentesterlab.com/blog/another... nice one @snyff.pentesterlab.com!

Life doesn’t need to be complicated

HEXACON2023 - Exploiting Hardened .NET Deserialization by Piotr Bazydło YouTube video by Hexacon

[4/n] My Hexacon 2023 talk about .NET Deserialization. New gadgets, insecure serialization (RCE through serialization) and custom gadgets found in the products codebase.

Talk: www.youtube.com/watch?v=_CJm...

White paper: github.com/thezdi/prese...

I put together a VERY limited (for now) list of web hackers in a Starter pack:

go.bsky.app/9uay4Ad

A lot of people are missing (I will try to add more as I find them) but make sure you follow people already in the list!

It’s a different poc per app that’s vulnerable. Most struts apps that use a vuln framework are probably not vuln because they still need to implement an upload feature in a specific way. TL;DR don’t lose sleep over it.

S2-067 is a fantastic bypass of the patch for S2-066. It uses ONGL to re-write the upload filename property in order to bypass the filename path traversal checks.

PoC: if the target bean is called "UploadFile" the your target parameter is "top.UploadFileFileName". 🤯

screenshot of the CFP on phrack.org

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!

phrack.org

wokism is out of control

…and what is your office? My office is that which is in the higher aspirant of the soul - Ma’at

Mexico is always a good idea, though I maybe biased :D

A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. googleprojectzero.blogspot.com/2024/12/wind...