Obscurities with MS Teams
MS Teams does not verify most of the messages, which allows you to do some strange things. The strangest behaviour is the cross-tenant file share. Two days late to the party, but as the draft was ready I'm releasing it anyway. But that's not all :)
badoption.eu/blog/2023/06/2…
How to avoid this WhatsApp account takeover?
1. Make sure that your voicemail PIN code is not the default PIN code.
2. Set up a 2FA PIN code on your WhatsApp.
The recent WhatsApp account takeover is simple and genius.
This is how it works:
You're sleeping.
A "hacker" tries to login to your account via WhatsApp.
You get a text message with a PIN code that says "Do not share this".
You don't share it, yet you still get hacked.
How?
After a bit of research, it turned out that it's possible to leverage Teams functionality for a better phishing scenario. The idea is to use it as an alternative way of gaining initial access. Hope it can help some red team guys out there!
posts.inthecyber.com/leveraging-mic…
I developed a Remote Code Execution PoC exploit for the Exim use-after-free that was recently disclosed (as part of the @qualys 21Nails advisory). Tested only on Exim 4.92. PoC available: github.com/lockedbyte/CVE…
Just published a remote shellcode loader I've been working on to show why we shouldn't rely solely on real-time injection alerting. Writeup in a few days :)
My C sucks so it's a "PoC".
github.com/xinbailu/DripL…
Hey all! First blog post. Are the popular fuzzers just for binary exploitation? In this blog post I outline how you can find logic issues in web-related regular expressions using differential fuzzing. (Spoiler: 29 lines of Python using Google Atheris.)
defparam.medium.com/finding-issues…
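As an added example (not the blog post's code, nor its author's, which used Google Atheris), here is a pure-Python differential fuzzer over two hand-written patterns that are supposed to accept exactly the same inputs: a back-end hostname check anchored with `\A...\Z` and a "front-end copy" of it using `^...$`. The patterns, the seed corpus and the alphabet are constructed for this example, and a seeded random mutator stands in for Atheris's coverage guidance so the block runs offline.

```python
"""Differential fuzzing of two regexes that should accept the same language.

Added example, not the blog post's code: a seeded random mutator replaces
Google Atheris so it runs offline.  The two patterns below are constructed
for the example; in Python, `$` also matches just before a trailing newline
while `\Z` matches only at the very end of the string.
"""
import random
import re

# Constructed patterns: both are meant to allow only subdomains of example.com.
BACKEND = re.compile(r"\A[a-z0-9.-]+\.example\.com\Z")
FRONTEND = re.compile(r"^[a-z0-9.-]+\.example\.com$")

# Constructed seed corpus: a few valid and invalid hostnames.
SEEDS = ["app.example.com", "evil.com", "a-b.example.com/..", "example.com"]

# Alphabet covers characters the patterns care about plus whitespace/control
# characters that regex anchors are notoriously inconsistent about.
ALPHABET = "abcxyz019.-/@:\n\r\t\x00 "


def mutate(s, rng):
    """Apply one random edit: append, insert, delete or duplicate a suffix."""
    op = rng.randrange(4)
    if op == 0 or not s:
        return s + rng.choice(ALPHABET)
    if op == 1:
        i = rng.randrange(len(s) + 1)
        return s[:i] + rng.choice(ALPHABET) + s[i:]
    if op == 2:
        i = rng.randrange(len(s))
        return s[:i] + s[i + 1:]
    return s + s[-rng.randrange(1, len(s) + 1):]


def oracle(s):
    """Return (backend_accepts, frontend_accepts) for one candidate input."""
    return (BACKEND.search(s) is not None, FRONTEND.search(s) is not None)


def find_discrepancies(iterations=20000, seed=1, max_len=64):
    """Fuzz and return the sorted list of inputs the two patterns disagree on."""
    rng = random.Random(seed)
    corpus = list(SEEDS)
    found = set()
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        if len(candidate) > max_len:
            continue
        backend_ok, frontend_ok = oracle(candidate)
        if backend_ok != frontend_ok:
            found.add(candidate)
        elif backend_ok and len(corpus) < 200:
            corpus.append(candidate)  # accepted inputs become new seeds
    return sorted(found)


if __name__ == "__main__":
    for s in find_discrepancies():
        print(repr(s), "backend/frontend:", oracle(s))
```

Every disagreement the run reports ends in a newline: the front-end copy accepts `"app.example.com\n"` while the back-end check rejects it, which is exactly the class of logic bug a regex in a web validator or WAF rule can hide. The same harness works unchanged when `oracle` wraps two different regex engines, or a perimeter rule against the application-side pattern it is meant to mirror.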
High-level approaches for finding vulnerabilities < a very well-written vulnerability research primer written by @jackson_t in 2017 (but still 100% relevant today)
jackson-t.ca/finding-vulner…
My first ever blog post: Anatomy of an Exploit: RCE CVE-2020-1350 #SIGRed. RCE PoC included, for research purposes. This was my first userland Windows heap exploit and I hope a deep dive into the process will help others. Patch or apply the workaround. graplsecurity.com/post/anatomy-o…
A short post to address an exploit chain I did last year. Both the slides and the YouTube video are online now: A Journey Combining Web Hacking and Binary Exploitation in Real World! blog.orange.tw/2021/02/a-jour…