Tag Archives: security

Weaponizing AMSI bypass with PowerShell

Introduction The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows applications and services to integrate with any antimalware product that’s present on a machine. You can find more information on it here: https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal. A while ago … Continue reading

Posted in Researching, Windows, Write-Up | Tagged , , , , , | Leave a comment

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of the CMS’ plugins which I then … Continue reading

Posted in Researching, Webapplication security, Write-Up | Tagged , , , , , , , , , , , , , | 4 Comments