Ayrix Bytes

🔹 Cyber Apocalypse 2023 writeup 📆 Thu, 23 Mar 2023 14:57:58 GMT #️⃣ #ctf_writeup #hacking #bug_bounty #hackthebox_writeup #hackthebox

🔹 Unicode Normalization Leads to Account Takeover 📆 Thu, 23 Mar 2023 15:25:08 GMT #️⃣ #penetration_testing #bug_bounty #hacking #cybersecurity #cryptocurrency

🔹 Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) 📆 2023-03-09 #️⃣ #Local_Privilege_Escalation

🔹 Account Takeover Via Poising Forget Password Port in ASDA 📆 Thu, 23 Mar 2023 13:31:36 GMT #️⃣ #bug_bounty #infosec #security #hunting #vulnerability

🔹 External Trusts Are Evil 📆 2023-03-14 #️⃣ #Active_Directory_Privilege_Escalation

🔹 AD Security Research: Breaking Trust Transitivity 📆 2023-03-14 #️⃣ #Active_Directory_Privilege_Escalation

🔹 OAuth 2.0 Authentication Misconfiguration 📆 2023-03-16 #️⃣ #OAuth

🔹 CHECKMATE 📆 2023-03-16 #️⃣ #Websockets

🔹 SSRF Cross Protocol Redirect Bypass 📆 2023-03-16 #️⃣ #SSRF

🔹 Bypassing PPL in Userland (again) 📆 2023-03-17 #️⃣ #Kernel_hacking

🔹 SSTI leads to RCE on PyroCMS 📆 2023-03-20 #️⃣ #SSTI

🔹 JMX Exploitation Revisited 📆 2023-03-20 #️⃣ #RCE

🔹 Credit card statement disclosure vulnerability in Viseca's eXpense portal 📆 2023-03-20 #️⃣ #IDOR

🔹 Parallels Desktop Toolgate Vulnerability 📆 2023-03-20 #️⃣ #Path_traversal

🔹 Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research 📆 2023-03-20 #️⃣ #Cloud

🔹 How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF 📆 2023-03-21 #️⃣ #SSRF

🔹 Windows Installer EOP (CVE-2023-21800) 📆 2023-03-21 #️⃣ #Local_Privilege_Escalation

🔹 PHP Filter Chains: File Read From Error-based Oracle 📆 2023-03-21 #️⃣ #Arbitrary_file_read

🔹 Expression DoS Vulnerability Found In Spring - CVE-2023-20861 📆 2023-03-22 #️⃣ #DoS

🔹 API Security & Real Case Sharing 📆 Thu, 23 Mar 2023 12:05:03 GMT #️⃣ #api_security_testing #api_security #owasp_api_security_top_10