Local File Read to RCE
During a recent engagement against a web application, a known vulnerability, CVE-2020-35340 was exploited to gain remote code execution on the server hosting the application
Other posts
adversary simulation
Simulated Attack Infrastructure - Building Modules (Part 2)
Attack Infrastructure Automation Part 2 - Terraform module design, software setup and configuration, and operator experience
xxe
Remote compromise: XXE injection on thin client’s web services
During one of our perimeter assessment exercises, we identified and exploited a vulnerability in an in-house developed thin client
adversary simulation
Streamlining Simulated Attack Infrastructures (Part 1)
Attack Infrastructure Automation Part 1 - An overview of our approach, main building blocks and design choices
cve
Blueprint LMS Blind SQL Injection
SilentGrid identified an unauthenticated time-based blind SQL injection in Global Vision Media's Blueprint Learning Management System (LMS)
research
Story From The Trenches: Junction Bug Elevation
An attack path from a recent engagement involving symbolic links
cve
CVE-2021-37749 - Hexagon GeoMedia WebMap 2020 Blind SQL Injection
SilentGrid identified a blind SQL injection vulnerability in Hexagon's GeoMedia WebMap 2020 solution
perimeter assessment
Trial by Internet
Who tries to knock on your server's door(s)
browser
IE11 Exploit for Windows 7 x64
CVE-2017-[0037 and 0059]
cve
CVE to PoC – CVE-2017-0037
PoC exploit for a type confusion issue in Internet Explorer 10, 11 and Edge
browser
CVE to PoC – CVE-2017-0059
PoC exploit for an use-after-free bug in IE
cve
CVE to PoC – CVE-2016-0450
A Proof of Concept exploit for CVE-2016-0450 in Oracle GoldenGate