Pentest: From Customer to Full Application Takeover
By Zeyad Azima IntroductionWelcome everyone! In addition to my regular work, I take on some pentesting projects as a freelancer for various clients. Today, I’m excited to share a particularly interesting bug that started as a seemingly straightforward XSS vulnerability but ultimately led to a full application takeover. Application OverviewThe application ..
Read more
OSWP PlayBook: (Offensive Security Wireless Professional)
By Zeyad Azima SummaryKudos to my friend @Abdulrahman for starting the first version of the playbook and after contributing together we update it with organized structure, More steps and practicality. You can download the PDF version of the book fro here. Contact & Follow Us Github Abdulrahman Zeyad Linkedin Abdulrahman Zeyad Twitter/X..
Read more
ROPGadget: Writing a ROPDecoder
By Zeyad Azima IntroductionWelcome All!, In this blog post we will be talking about creating a ROPDecoder from scratch as many people face issues in understand the automated process of it. And note that you must know how to bypass DEP and what’s ROPGadgets, We wil be Starting from selecting our ROP Gadget, Going to encoding and decoding our shellcode manu..
Read more
OSED Notes: (Offensive Security Exploit Developer)
By Zeyad Azima x86 Intel Assembly Register Name Acronym 16-bit 8-bit High 8-bit Low Description Extended Accumulator Register EAX AX AH AL Primarily used for arithmetic operations. Often stores the return value of a function. Extended Base Register EBX BX BH BL Can be used as a pointer to data (especially with the use of the SIB byte, or for local v..
Read more
CVE-2023-26818 macOS TCC Bypass Exploit (Parts 1 & 2)
By Zeyad Azima OverviewThis combines both parts of the original write-up into a single post. Part 1 covers entitlement-targeted payloads (camera, microphone, Apple Events) for Telegram; Part 2 extends the tooling with data exfiltration and a console app for quicker dylib edits and compilation. Part 1 — Exploit Writing: CVE-2023-26818 macOS TCC Bypass w&#x..
Read more
Macros With N1NJ10 [Undetectable Windows 11 & 10]
By Fady Moheb What is Macros ?Macros are used to automate frequently used tasks. Hackers have been using Macros for a long time as a means to gain initial access to target networks by injecting malicious code into macros. These macros are all called malicious macros or macro malware or macro virus. Let’s see how to create a malicious macro to exploit Windo..
Read more
CVE-2023-26818 macOS TCC Bypass Analysis (Parts 1 & 2)
By Zeyad Azima OverviewThis merges the two-part analysis of CVE-2023-26818 into a single post. Part 1 covers the root cause and DyLib injection path in Telegram. Part 2 dives into macOS sandboxing and how to bypass it to complete the exploit chain. Part 1 — CVE-2023-26818: macOS TCC Bypass w/ Telegram (Analysis)IntroductionA vulnerability Discovered ..
Read more
CVE-2021-38294: Apache Storm Nimbus Command Injection
By Zeyad Azima Introduction#CVE-2021-38294 is a Command Injection vulnerability that affects Nimbus server in apache storm in getTopologyHistory services, A successful crafted request to Nimbus server will result in exploitation for this vulnerability will lead to execute malicious command & takeover the server. The affected versions are 1.x prior to 1..
Read more
CVE-2021-44521: Apache Cassandra Remote Code Execution
By Zeyad Azima IntroductionCVE-2021-44521 is a vulnerability discovered in Apache Cassandra which allow an attacker to achieve remote command execution through UDFS & bypass the sandbox to execute the code on the server under specific configurations which let the attacker to takeover the server. CVSS:(Critical) https://nvd.nist.gov/vuln-metrics/cvss/v3..
Read more
CVE-2021-45232: Apache APISIX Dashboard Unauthorized Access & Unauth-RCE
By Zeyad Azima IntroductionApache APISIX Dashboard before 2.10.1 is vulnerable to Unauthorized Access Vulnerability known as CVE-2021-45232, The authentication middleware was developed based on the droplet framework. But, some APIs used the gin framework directly as a results it leads for a bypass in authentication & a successfully exploitation for thi..
Read more