Exploiting CVE-2025-40629: Path Traversal in PNETLab (v4.2.10) TL;DR While testing a PNETLab instance (v4.2.10), I stumbled upon CVE-2025-40629 - a path traversal vulnerability. No public PoC of the vulnerability was available, and there was no indication whether the exploit requires authentication. After diving into the source code on GitHub (probably unofficial), I found that
flareon FlareOn11: Challenge 5 - sshd Introduction If you're new to FlareOn or haven't heard about it, FlareOn is an annual reverse-engineering CTF competition organized by the Mandiant team. It's designed to challenge security enthusiasts, malware analysts, and reverse engineers with a series of increasingly difficult puzzles that test a wide
flareon FlareOn11: Challenge 7 - fullspeed Introduction If you're new to FlareOn or haven't heard about it, FlareOn is an annual reverse-engineering CTF competition organized by the Mandiant team. It's designed to challenge security enthusiasts, malware analysts, and reverse engineers with a series of increasingly difficult puzzles that test a wide
flareon Flare-On 10 Solutions Flare-On [https://flare-on.com/] is an annual single-player Windows-centric CTF competition focusing on Reverse Engineering and Malware Analysis. This competition is organized by the FLARE team in Mandiant [https://www.mandiant.com/]. If you complete all the challenges, you receive a prize and permanent recognition on the Flare-On website. Flare-On
OSMR Review of EXP-312 and OSMR Introduction In 2021, OffSec (previously known as Offensive Security) introduced their first macOS-related security course with the name "Advanced macOS Control Bypasses" (EXP-312). This course discusses logical attacks that can be performed on macOS to escalate privileges and to bypass the system's security controls. As usually
ntapi Process Code Injection Through Undocumented NTAPI * Process code injection through chaining VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread Win32 API functions is considered to be a standard technique. There's also another way of injecting code into another process's virtual address space, which can be done through the following lower-level native NT API functions: NtCreateSection, NtMapViewOfSection,
Chaining HTTP Smuggling Attack with Open-Redirection to possibly leak client's request data TL;DR: An open-redirection vulnerability can be leveraged along with an HTTP Request Smuggling vulnerability to redirect clients of the target web server to a malicious web server and potentially leak information out of the client's requests. Discovery There was a scenario that I came across while I was