Insecure content providers in com.microsoft.launcher While conducting security research,and focusing on Android application userland bugs I uncovered a intresting vulnerability within the com.micro...
ServiceNow Insecure Access Control To Full Admin Takeover
ServiceNow Insecure Access Control leading to Administrator Account Takeover - CVE-2022-43684 In this article, we will discuss a series of vulnerabilities that when exploited in succession, could ...
JetEngine < 3.1.3.1 - Author+ Remote Code Execution
The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. Proof of Concept - JetEngine Author+ Include() RCE ...
SwitchResX Vulnerability
SwitchResX Vulnerability During my time testing I come across some interesting applications and always wonder how they do some of the communications to various operating systems. One day I came a...
The NTLM Exchange
The NTLM Exchange. Recently Orange Tsai discovered a great chain of bugs leading to remote code execution from an unauthenticated user in Microsoft Exchange which was widely named as Proxylogon (...
XSS Encoding Generator
Quite often @wireghoul bugs me to blog post about various topics and things I have learnt over the years of a penetration testing. So here is the first post of 2021! It is quite short but hopefull...
Enter The Realm
Enter The Realm During my time as a penetration tester who enjoys mobile testing I have come across a number of different databases. These include SQLite, SQLCipher, Firebase and Realm. In one pa...
BadBinder Emulator Root
During a recent mobile audit engagement I was on I was faced with a typical problem that most mobile researchers and bug bounties hunters face. A number of protections were implemented in the mobi...