#privesc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #privesc, aggregated by home.social.
-
PhantomRPC : une escalade de privilèges cachée dans le mécanisme RPC — un de ces endroits où le système fait confiance à tout le monde par design, jusqu'au jour où quelqu'un tire le bon fil. La disclosure complète est disponible, les détails sont fascinants. Bonne lecture (et bonne session de patching ☕). #infosec #PrivEsc #RPC
https://infosec.pub/post/45515363 -
Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.
The PoC is available on GitHub. A full technical writeup will be published on my blog soon.
GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity #ExploitDev #Linux #CVE #PrivilegeEscalation #Infosec #Exploit #Rust #PrivEsc
-
Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.
The PoC is available on GitHub. A full technical writeup will be published on my blog soon.
GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity #ExploitDev #Linux #CVE #PrivilegeEscalation #Infosec #Exploit #Rust #PrivEsc
-
Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.
The PoC is available on GitHub. A full technical writeup will be published on my blog soon.
GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity #ExploitDev #Linux #CVE #PrivilegeEscalation #Infosec #Exploit #Rust #PrivEsc
-
Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.
The PoC is available on GitHub. A full technical writeup will be published on my blog soon.
GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity #ExploitDev #Linux #CVE #PrivilegeEscalation #Infosec #Exploit #Rust #PrivEsc
-
Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.
The PoC is available on GitHub. A full technical writeup will be published on my blog soon.
GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity #ExploitDev #Linux #CVE #PrivilegeEscalation #Infosec #Exploit #Rust #PrivEsc
-
Cool and very well done #38c3 talk about privilege escalation vulnerabilities in endpoint security products via COM Hijacking/named pipe communications and RPC by 0x4d5a and k0lj4.
- Talk: https://media.ccc.de/v/38c3-der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs
- Slides: https://github.com/0x4d5a-ctf/38c3_com_talk -
Cool and very well done #38c3 talk about privilege escalation vulnerabilities in endpoint security products via COM Hijacking/named pipe communications and RPC by 0x4d5a and k0lj4.
- Talk: https://media.ccc.de/v/38c3-der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs
- Slides: https://github.com/0x4d5a-ctf/38c3_com_talk -
Cool and very well done #38c3 talk about privilege escalation vulnerabilities in endpoint security products via COM Hijacking/named pipe communications and RPC by 0x4d5a and k0lj4.
- Talk: https://media.ccc.de/v/38c3-der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs
- Slides: https://github.com/0x4d5a-ctf/38c3_com_talk -
Cool and very well done #38c3 talk about privilege escalation vulnerabilities in endpoint security products via COM Hijacking/named pipe communications and RPC by 0x4d5a and k0lj4.
- Talk: https://media.ccc.de/v/38c3-der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs
- Slides: https://github.com/0x4d5a-ctf/38c3_com_talk -
Jak można było przejąć tysiące urządzeń z systemem Linux – czyli o niefrasobliwych nawykach pentesterów
Uruchamianie programów w formie skryptów oraz binariów to chleb powszedni pentesterów i administratorów. Rozsądek, profesjonalizm oraz dobre praktyki nakazują, aby dokonywać wnikliwego sprawdzenia zawartości uruchamianych programów, by nie wyrządzić szkody w zarządzanym, używanym lub testowanym systemie. Przykład historyczny Wyśmiewani w gronie ludzi zajmujących się bezpieczeństwem tzw. script kiddies już lata...
#WBiegu #Enumeracja #Konto #Linux #Privesc #Supplychain #Windows
-
Jak można było przejąć tysiące urządzeń z systemem Linux – czyli o niefrasobliwych nawykach pentesterów
Uruchamianie programów w formie skryptów oraz binariów to chleb powszedni pentesterów i administratorów. Rozsądek, profesjonalizm oraz dobre praktyki nakazują, aby dokonywać wnikliwego sprawdzenia zawartości uruchamianych programów, by nie wyrządzić szkody w zarządzanym, używanym lub testowanym systemie. Przykład historyczny Wyśmiewani w gronie ludzi zajmujących się bezpieczeństwem tzw. script kiddies już lata...
#WBiegu #Enumeracja #Konto #Linux #Privesc #Supplychain #Windows
-
Jak można było przejąć tysiące urządzeń z systemem Linux – czyli o niefrasobliwych nawykach pentesterów
Uruchamianie programów w formie skryptów oraz binariów to chleb powszedni pentesterów i administratorów. Rozsądek, profesjonalizm oraz dobre praktyki nakazują, aby dokonywać wnikliwego sprawdzenia zawartości uruchamianych programów, by nie wyrządzić szkody w zarządzanym, używanym lub testowanym systemie. Przykład historyczny Wyśmiewani w gronie ludzi zajmujących się bezpieczeństwem tzw. script kiddies już lata...
#WBiegu #Enumeracja #Konto #Linux #Privesc #Supplychain #Windows
-
Jak można było przejąć tysiące urządzeń z systemem Linux – czyli o niefrasobliwych nawykach pentesterów
Uruchamianie programów w formie skryptów oraz binariów to chleb powszedni pentesterów i administratorów. Rozsądek, profesjonalizm oraz dobre praktyki nakazują, aby dokonywać wnikliwego sprawdzenia zawartości uruchamianych programów, by nie wyrządzić szkody w zarządzanym, używanym lub testowanym systemie. Przykład historyczny Wyśmiewani w gronie ludzi zajmujących się bezpieczeństwem tzw. script kiddies już lata...
#WBiegu #Enumeracja #Konto #Linux #Privesc #Supplychain #Windows
-
Jak można było przejąć tysiące urządzeń z systemem Linux – czyli o niefrasobliwych nawykach pentesterów
Uruchamianie programów w formie skryptów oraz binariów to chleb powszedni pentesterów i administratorów. Rozsądek, profesjonalizm oraz dobre praktyki nakazują, aby dokonywać wnikliwego sprawdzenia zawartości uruchamianych programów, by nie wyrządzić szkody w zarządzanym, używanym lub testowanym systemie. Przykład historyczny Wyśmiewani w gronie ludzi zajmujących się bezpieczeństwem tzw. script kiddies już lata...
#WBiegu #Enumeracja #Konto #Linux #Privesc #Supplychain #Windows
-
Absurdalnie prosta do wykorzystania krytyczna podatność w urządzeniach od Palo Alto (unauth RCE jako root). Luka jest już wykorzystywana przez atakujących.
Kolejne zaskakująco proste podatności w PAN-OS są używane przez zewnętrznych aktorów. Badacze z grupy WatchTowr sprawdzili, jakich metod używają przestępcy oraz jakie środki zaradcze podjął producent.
#WBiegu #Authbypass #Paloalto #Privesc #Sslvpn #Unauthrce #Websec
-
Absurdalnie prosta do wykorzystania krytyczna podatność w urządzeniach od Palo Alto (unauth RCE jako root). Luka jest już wykorzystywana przez atakujących.
Kolejne zaskakująco proste podatności w PAN-OS są używane przez zewnętrznych aktorów. Badacze z grupy WatchTowr sprawdzili, jakich metod używają przestępcy oraz jakie środki zaradcze podjął producent.
#WBiegu #Authbypass #Paloalto #Privesc #Sslvpn #Unauthrce #Websec
-
Absurdalnie prosta do wykorzystania krytyczna podatność w urządzeniach od Palo Alto (unauth RCE jako root). Luka jest już wykorzystywana przez atakujących.
Kolejne zaskakująco proste podatności w PAN-OS są używane przez zewnętrznych aktorów. Badacze z grupy WatchTowr sprawdzili, jakich metod używają przestępcy oraz jakie środki zaradcze podjął producent.
#WBiegu #Authbypass #Paloalto #Privesc #Sslvpn #Unauthrce #Websec
-
Absurdalnie prosta do wykorzystania krytyczna podatność w urządzeniach od Palo Alto (unauth RCE jako root). Luka jest już wykorzystywana przez atakujących.
Kolejne zaskakująco proste podatności w PAN-OS są używane przez zewnętrznych aktorów. Badacze z grupy WatchTowr sprawdzili, jakich metod używają przestępcy oraz jakie środki zaradcze podjął producent.
#WBiegu #Authbypass #Paloalto #Privesc #Sslvpn #Unauthrce #Websec
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
🆕 New blog post! "The PrintNightmare is not Over Yet"
ℹ️ In this article, I take a look back at a previous post I wrote earlier this year about PrintNightmare. It turns out the Point and Print configuration I recommended at the end is still prone to Man-in-the-Middle attacks. So, I discuss that here, as well as additional mitigation I considered.
Props to @parzel and @l4x4 who both reported this issue to me.
-
Another cool blog post by @sploutchy (Compass Security)
"COM Cross-Session Activation"
Quick read, and straight to the point. This article provides a real-life example (Google Updater service here) showing one way to exploit a COM class for local privilege escalation on Windows. 👌
👉 https://blog.compass-security.com/2024/10/com-cross-session-activation/
-
Another cool blog post by @sploutchy (Compass Security)
"COM Cross-Session Activation"
Quick read, and straight to the point. This article provides a real-life example (Google Updater service here) showing one way to exploit a COM class for local privilege escalation on Windows. 👌
👉 https://blog.compass-security.com/2024/10/com-cross-session-activation/
-
Another cool blog post by @sploutchy (Compass Security)
"COM Cross-Session Activation"
Quick read, and straight to the point. This article provides a real-life example (Google Updater service here) showing one way to exploit a COM class for local privilege escalation on Windows. 👌
👉 https://blog.compass-security.com/2024/10/com-cross-session-activation/
-
Another cool blog post by @sploutchy (Compass Security)
"COM Cross-Session Activation"
Quick read, and straight to the point. This article provides a real-life example (Google Updater service here) showing one way to exploit a COM class for local privilege escalation on Windows. 👌
👉 https://blog.compass-security.com/2024/10/com-cross-session-activation/
-
Another cool blog post by @sploutchy (Compass Security)
"COM Cross-Session Activation"
Quick read, and straight to the point. This article provides a real-life example (Google Updater service here) showing one way to exploit a COM class for local privilege escalation on Windows. 👌
👉 https://blog.compass-security.com/2024/10/com-cross-session-activation/
-
How COM Cross-Session Activation on Windows works and how it can be used for privilege escalation with an example of Google Chrome: https://blog.compass-security.com/2024/10/com-cross-session-activation/ #windows #privesc #pentest
-
How COM Cross-Session Activation on Windows works and how it can be used for privilege escalation with an example of Google Chrome: https://blog.compass-security.com/2024/10/com-cross-session-activation/ #windows #privesc #pentest
-
How COM Cross-Session Activation on Windows works and how it can be used for privilege escalation with an example of Google Chrome: https://blog.compass-security.com/2024/10/com-cross-session-activation/ #windows #privesc #pentest
-
How COM Cross-Session Activation on Windows works and how it can be used for privilege escalation with an example of Google Chrome: https://blog.compass-security.com/2024/10/com-cross-session-activation/ #windows #privesc #pentest
-
How COM Cross-Session Activation on Windows works and how it can be used for privilege escalation with an example of Google Chrome: https://blog.compass-security.com/2024/10/com-cross-session-activation/ #windows #privesc #pentest
-
Autobloody dockerized
"This tool automates the AD privesc between two AD objects, the source (the one we own) and the target (the one we want) if a privesc path exists in BloodHound database."
-
Autobloody dockerized
"This tool automates the AD privesc between two AD objects, the source (the one we own) and the target (the one we want) if a privesc path exists in BloodHound database."
-
Autobloody dockerized
"This tool automates the AD privesc between two AD objects, the source (the one we own) and the target (the one we want) if a privesc path exists in BloodHound database."
-
Autobloody dockerized
"This tool automates the AD privesc between two AD objects, the source (the one we own) and the target (the one we want) if a privesc path exists in BloodHound database."
-
Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using long program name or ident parameter in openlog().
Another vulnerability is in #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.
This is just another reason to consider using Linux distribution without glibc, for example #Alpine Linux with #musl
-
Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using long program name or ident parameter in openlog().
Another vulnerability is in #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.
This is just another reason to consider using Linux distribution without glibc, for example #Alpine Linux with #musl
-
Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using long program name or ident parameter in openlog().
Another vulnerability is in #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.
This is just another reason to consider using Linux distribution without glibc, for example #Alpine Linux with #musl
-
Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using long program name or ident parameter in openlog().
Another vulnerability is in #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.
This is just another reason to consider using Linux distribution without glibc, for example #Alpine Linux with #musl
-
Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using long program name or ident parameter in openlog().
Another vulnerability is in #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.
This is just another reason to consider using Linux distribution without glibc, for example #Alpine Linux with #musl
-
New #Linux #glibc flaw lets attackers get root on major distros
#Privesc #cybersecurity
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/ -
New #Linux #glibc flaw lets attackers get root on major distros
#Privesc #cybersecurity
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/ -
New #Linux #glibc flaw lets attackers get root on major distros
#Privesc #cybersecurity
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/