Tag Archives: hacking

Weaponizing AMSI bypass with PowerShell

Introduction A while ago a colleague told me about an engagement in which he was running into a scenario where AMSI was unfortunately blocking his somewhat malicious PowerShell code. Due to several constrains it turned out that a lot of … Continue reading

Posted in Researching, Windows, Write-Up | Tagged , , , , , | Leave a comment

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of the CMS’ plugins which I then … Continue reading

Posted in Researching, Webapplication security, Write-Up | Tagged , , , , , , , , , , , , , | 4 Comments