offsec.almond.consulting
This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.| Vonahi Security's Blog
I had the pleasure to present my research about the IPC mechanisms of Kaspersky products at the IV. EuskalHack conference this weekend. My main motivation for this research was to further explore the attack surface hidden behind the self-defense mechanisms of endpoint security software, and I ended up with a local privilege escalation exploit that could be combined with an older self-defense bypass to make it work on default installations. I hope that the published information helps other cur...| Silent Signal Techblog
On Linux systems, you can include system() from the standard C library to easily shell a Postgres server. The mechanism for Windows is a bit...| zerosum0x0.blogspot.com
Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.| Vonahi Security's Blog
Privilege escalation to root can be achieved by a regular user via the password reset form exploiting a directory traversal vulnerability.| cardaci.xyz
Privilege escalation to root can be achieved by a regular user via the file upload handler exploiting an insufficient shell escaping mechanism.| cardaci.xyz
June 20 2023: The wording in this post has been updated to avoid confusion around the use of wildcards in the principal element of an AWS Identity and Access Management (IAM) trust policy statement. November 3, 2022: We updated this post to fix some syntax errors in the policy statements and to add additional use […]| Amazon Web Services