shubs
@shubs.io
📤 1742
📥 155
📝 8
Co-founder, security researcher. Building an attack surface management platform,
@assetnote.io
reposted by
shubs
Sam Curry
9 months ago
New blog post with
@shubs.io
: We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely. Full post here:
samcurry.net/hacking-subaru
loading . . .
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United State...
https://samcurry.net/hacking-subaru
5
73
36
reposted by
shubs
Michael Stepankin
9 months ago
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more!
github.blog/security/vul...
1
28
16
reposted by
shubs
modzero
9 months ago
We broke something: in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application We wrote it down for you to try at home:
modzero.com/en/blog/spri...
loading . . .
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
https://modzero.com/en/blog/spring_boot_ssti/
1
19
8
reposted by
shubs
James Kettle
9 months ago
Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here:
portswigger.net/research/top...
loading . . .
Top ten web hacking techniques of 2024: nominations open
Nominations are now open for the top 10 new web hacking techniques of 2024! Every year, security researchers from all over the world share their latest findings via blog posts, presentations, PoCs, an
https://portswigger.net/research/top-ten-web-hacking-techniques-of-2024-nominations-open
1
28
23
reposted by
shubs
Louis Nyffenegger
10 months ago
I put together a VERY limited (for now) list of web hackers in a Starter pack:
go.bsky.app/9uay4Ad
A lot of people are missing (I will try to add more as I find them) but make sure you follow people already in the list!
add a skeleton here at some point
3
31
14
reposted by
shubs
Caitlin Condon
10 months ago
Rapid7 analysis of Apache
#Struts
2 CVE-2024-53677 here via research lead Ryan Emmons — highlights: * No, this isn't really being successfully exploited in the wild * Payloads need to be customized to the target * The 'fixed' version *does not* remediate the vuln
attackerkb.com/assessments/...
loading . . .
remmons-r7's assessment of CVE-2024-53677 | AttackerKB
CVE-2024-53677 is a flawed upload logic vulnerability in Apache Struts 2. The vulnerability permits an attacker to override internal file upload variables in a…
https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c
2
22
12
reposted by
shubs
Assetnote
10 months ago
Last month, our Security Research team discovered and disclosed a critical pre-authentication RCE in CraftCMS (CVE-2024-56145). You can read our blog post on the issue here:
assetnote.io/resources/re...
#attacksurfacemanagement
0
9
5
We recently focused on CVE-2024-8534, a vulnerability that can cause DoS or memory corruption, pre-auth on Citrix NetScaler. You can read our research and analysis here:
www.assetnote.io/resources/re...
loading . . .
Citrix Denial of Service: Analysis of CVE-2024-8534
An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.
https://www.assetnote.io/resources/research/citrix-denial-of-service-analysis-of-cve-2024-8534
10 months ago
0
5
2
reposted by
shubs
Luke Jahnke
10 months ago
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]
nastystereo.com/security/rai...
1
34
16
reposted by
shubs
ϻг_ϻε
10 months ago
Here is a great follow up blog post to my blog Remote Code Execution with Spring properties written by Elliot Ward:
snyk.io/articles/rem...
loading . . .
Remote Code Execution with Spring Boot 3.4.0 Properties | Snyk
this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spr...
https://snyk.io/articles/remote-code-execution-with-spring-boot-3-4-0-properties/
0
21
8
This is really great research by
@ryotak.net
- I appreciated that he covered some of his experiments along the way, and how he landed on a finely tuned way of finding a 12-char hash collision with a command injection payload at the end.
flatt.tech/research/pos...
loading . . .
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After ac...
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
10 months ago
1
18
5
reposted by
shubs
Luke Jahnke
10 months ago
My latest blog post is live!
nastystereo.com/security/cro...
Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
3
79
33
This is amazing. I’ve been in this scenario several times where the good old days of dropping a JSP file is not possible.
add a skeleton here at some point
10 months ago
1
11
0
reposted by
shubs
James Kettle
11 months ago
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!
go.bsky.app/GD7hKPX
loading . . .
Bug bounty hunters & content creators
Join the conversation
https://go.bsky.app/GD7hKPX
19
87
26
reposted by
shubs
Bitquark
11 months ago
I've just updated Shortscan to support reading a list of URLs to scan from a file (and included a minor bugfix). Feedback welcome! The latest version is v0.9.2 and can be found on Github:
github.com/bitquark/sho...
loading . . .
GitHub - bitquark/shortscan: An IIS short filename enumeration tool
An IIS short filename enumeration tool. Contribute to bitquark/shortscan development by creating an account on GitHub.
https://github.com/bitquark/shortscan
4
36
8
queued up tonight but just missed out, if anyone is selling tickets, looking for two tickets to ccc
#38c3
11 months ago
0
5
2
reposted by
shubs
0xacb
11 months ago
The latest album from
@ytcracker.bsky.social
is so good
loading . . .
Advertising Neals
YTCracker · Album · 2024 · 17 songs
https://open.spotify.com/album/4KqE9yg9QP1C7lumAQrQBV?si=cIywAXx6TIOfrssEjaneSA
4
17
6
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here:
assetnote.io/resources/re...
11 months ago
1
51
24
you reached the end!!
feeds!
log in