Category Archives: Write-Up

Weaponizing AMSI bypass with PowerShell

Introduction A while ago a colleague told me about an engagement in which he was running into a scenario where AMSI was unfortunately blocking his somewhat malicious PowerShell code. Due to several constrains it turned out that a lot of … Continue reading

Posted in Researching, Windows, Write-Up | Tagged , , , , , | Leave a comment

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of the CMS’ plugins which I then … Continue reading

Posted in Researching, Webapplication security, Write-Up | Tagged , , , , , , , , , , , , , | 4 Comments

Comprehensive data leakage via Google Groups

So, a few days ago Brian Krebs posted an article on his blog called “Are Your Google Groups Leaking Data?“. This article reached me while I was chilling in the sun but it did not really suprise me as I … Continue reading

Posted in General Stuff, Researching, Write-Up | Tagged , , | Leave a comment