A few interesting issues this week, ranging from a macOS Gatekeeper bypass, some oauth flow issues in Facebook, and even an RCE through the password field.
We start off the week with a crazy driver that exposes some powerful primitives, a use-after-free in curl, we speculate a bit about exploiting a 2-byte information disclosure, and talk about FORCEDENTRY.
This week we've got an awesome chain of attacks in NETGEAR smart switches, a speculative type confusion (Spook.js) and an integer overflow leading to HTTP Request Smuggling
Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.
Multiple account takeover vulnerabilities in this episode with three cross-origin communication vulnerabilities in Facebook, an odd OTP endpoint in SnapChat and an open redirect in JetBrains leaking your JWT.
Another short episode this week covering graphql attacks, a couple NoSQL injections, a few misconfigurations and a cool attack to reset monotonic counters on a Mifare card.
Final part of our series on going from the foundations of exploitation development to real-world exploitation. Focusing on the critical skill of discovering and developing your own exploitation strategies in large applications.
From having the foundations of exploit dev you might be wondering how to progress? Well, we argue that you should take some time to learn the basics of vulnerability research.
So you've played some CTFs and got a handle on this exploit dev stuff. This is the start of a three-part series about making the jump into real-world exploitation.