dls

61 posts

@putersarehard

dot dot slash enthusiast

Australia · Joined June 2021
521 Following · 70 Followers
Pinned Tweet
dls
dls@putersarehard·
My @securitytrails #reconmaster methodology/thoughts in a thread. I started somewhat late, many people already in the millions of hosts discovered. My first instinct was to automate the submission of Certstream data. 1/n
dls retweeted
toasterpwn
toasterpwn@toasterpwn·
Team Oceania is seeking sponsors for the 2025 International Cybersecurity Challenge! Support top 🇦🇺🇳🇿 cyber talent and showcase your brand on the world stage. Learn more: oceaniacc.com or send me a message. #cybersecurity #ICSC2025 #infosec
dls retweeted
BSidesCanberra
BSidesCanberra@BSidesCbr·
We’re stoked to announce that @sk8boardingdog – Australia’s top CTF team – are writing and hosting the BSides Canberra 2025 CTF! 🐶🛹💻 They’ve won our CTF 3 years running, and now they’re bringing their skills to make this year’s comp unforgettable. cfp.bsidescbr.com.au/bsides-canberr…
dls retweeted
elttam
elttam@elttam·
New blog post: New Method to Leverage Unsafe Reflection and Deserialisation and gain RCE on Rails elttam.com/blog/rails-sql…
dls retweeted
Critical Thinking - Bug Bounty Podcast
The Fetch API supports Blob objects as request bodies, not just strings! Blobs can omit a type, enabling cross-site POST requests without a Content-Type header. Even with non-empty bodies, the Blob's data becomes the request body! (credit: @lukejahnke)
dls retweeted
shubs
shubs@infosec_au·
Our security researcher @hash_kitten found one of the most critical exploit chains in the history of @assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code, access all data without authentication. You can read our blog here: assetnote.io/resources/rese…
dls retweeted
DownUnderCTF
DownUnderCTF@DownUnderCTF·
Australia's largest online CTF competition now welcomes New Zealand in July 2024! With 4200+ users and 2000+ teams as of 2023, it aims to up-skill the next generation of Cyber Security Professionals. Prize eligibility now includes Aussie and NZ students! #CTF #DownUnderCTF
dls retweeted
Luke Jahnke
Luke Jahnke@lukejahnke·
Blog is live, for now there is a quick puzzle to get to the posts nastystereo.com
dls retweeted
PT SWARM
PT SWARM@ptswarm·
🎁 Source Code Disclosure in IIS 10.0! Almost. There is a method to reveal the source code of some .NET apps. Here's how it works. 👉 swarm.ptsecurity.com/source-code-di…
dls retweeted
elttam
elttam@elttam·
Today we're releasing a public beta of Talkback, a smart infosec resource aggregator to help you keep up with news and research. Please visit talkback.sh and give it a try! We'll be releasing new features and improvements over time.
dls retweeted
Lexfo
Lexfo@LexfoSecurite·
A few months ago, we reported a pre-auth Remote Code Execution #RCE vulnerability to @vBulletin. The exploitation of this unserialize() bug was tricky, as vBulletin classes are not deserialisable. Discover the exploitation in our latest blogpost: ambionics.io/blog/vbulletin…
dls retweeted
elttam
elttam@elttam·
Happy new year! We're excited to welcome dls / @putersarehard to the team today.
dls retweeted
Márcio Almeida
Márcio Almeida@marcioalm·
This is the technical writeup in how we found and exploited the CVE-2022-41343 (RCE via Phar Deserialisation in Dompdf <= v2.0.0). We presented this vulnerability at Ruxmon September and we are finally doing the public disclosure! I hope you like it ;-) tantosec.com/blog/cve-2022-…
dls retweeted
Justin Elze
Justin Elze@HackingLZ·
One of the weirdest struggles in OffSec is teaching people to think like criminals and not like pentesters.