Slándáil Research:
Feed: NCCGroup Blog
Sifting through the spines: identifying (potential) Cactus ransomware victims
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
Puckungfu 2: Another NETGEAR WAN Command Injection
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
Technical Advisory – Multiple Vulnerabilities in Nagios XI
Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
LeaPFRogging PFR Implementations
SysPWN – VR for Pwn2Own
Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
Defeating Windows DEP With A Custom ROP Chain
Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
NETGEAR Routers: A Playground for Hackers?
HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
Puckungfu: A NETGEAR WAN Command Injection
MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
Replicating CVEs with KLEE
Exploring Prompt Injection Attacks
Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
NCC Con Europe 2022 – Pwn2Own Austin Presentations
Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)
Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
Technical Advisory – FUJITSU CentricStor Control Center
Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
BrokenPrint: A Netgear stack overflow
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion
Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)
Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)
Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)
Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)
Technical Advisory – Authenticated SQL Injection in SOAP Request (CVE-2021-44050)
Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)
Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides
Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
Reverse engineering and decrypting CyberArk vault credential files
Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)
Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
Exploit mitigations: keeping up with evolving and complex software/hardware
Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
SAML XML Injection
Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches