In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.

Writeup and POC for CVE-2020-0753, CVE-2020-0754 and six fixed Window DOS Vulnerabilities. - afang5472/CVE-2020-0753-and-CVE-2020-0754

How to use CSV injection AKA Formula injection to embed a malicous payload into to spread sheet.

🏴‍☠️ Tools for pentesting, CTFs & wargames. - 𝚋𝚢 𝚋𝚝𝟹𝚐𝚕 - GitHub - bt3gl-labs/Pentesting-Toolkit: 🏴‍☠️ Tools for pentesting, CTFs & wargames. - 𝚋𝚢 𝚋𝚝𝟹𝚐𝚕

UAC Bypass with mmc via alpc. Contribute to DimopoulosElias/alpc-mmc-uac-bypass development by creating an account on GitHub.

When I’m on an engagement and I’m given a SOE and a domain account, I usually want to use a tool like PowerShell Empire to remotely…

Use CVE-2020-0668 to perform an arbitrary privileged file move operation. - RedCursorSecurityConsulting/CVE-2020-0668

Use the command line or HTTP requests to start/stop the engine and lock/unlock the doors on your Ford vehicle. - d4v3y0rk/ffpass

Interacting with Azure, offensively

As part of my research, I wanted a way to find all the DNS records which points to a particular IP address. Not only should it be fast, it should be cheap as well. If you are a DNS researcher you would know about the Rapid7’s free FDNS dataset.
I was not…

The process of stealing another Windows user’s identity may seem like black magic to some people, but in reality any user who understands how Windows works can pull it off. This blog discusses obtaining local SYSTEM and administrative privileges from an unprivileged…

Hey guys so this blog post is about an Issue in Snapchat's Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here's a Short POC of the issue.

While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…

Last October I dived into the world of Jira Software (version 8.4.1) in the hope of discovering new vulnerabilities. Initially, I came…

Understand OGNL Injection attacks and how to exploit Apache Struts. Learn about 2 critical Struts vulnerabilities from this practical write-up.

Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent by Florian Bogner With Insight IDR Rapid7 has created a very powerful, yet …

Introduction In my previous post, I’ve blogged about how Pass-the-Hash is still a nuclear bomb on most networks around the world. Despite that Microsoft has released mitigation guidance&#8217…