pentestercrab 的提交内容

Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator

Talkback – infosec resource aggregator of news and research

PHP filter chains: file read from error-based oracle

PHP Development Server <= 7.4.21 – Remote Source Disclosure

Viewing Secrecy Through “Blank Spots on the Map” (2009)

The search for the “perfect” Advent Calendar (2018)

RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

Reverse Branch Target Buffer Poisoning – New ASLR Bypass via CPU Vulns [pdf]

The latest OpenSSL vulns were added fairly recently

It Pays to Be Circomspect

Attacking Firecracker: AWS' MicroVM Monitor Written in Rust

Multiple vulnerabilities in Nuki smart locks

Golang Code Review Notes by Elttam

Notes on OpenSSL remote memory corruption by Guido Vranken

ESP-IDF Setup Guide – Setting up an environment for ESP32 vulnerability research

Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x

Git honours embedded bare repos and exploitation via core.fsmonitor

Ruby Deserialization Exploitation – New Gadget Chain for Ruby on Rails

Exploitation via Git embedded bare repos and core.fsmonitor, affects IDEs

Impossible color – Claimed evidence of ability to see colors not in color space

Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228)

The search for the “perfect” Advent Calendar (involves Python and Processing)

Data Exfiltration via CSS and SVG Font

The status of Ruby memory trimming and how you can help with testing (2019)