Category Archives: Researching

Weaponizing AMSI bypass with PowerShell

Posted on 2019-05-13 by 0xB455

Introduction The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows applications and services to integrate with any antimalware product that’s present on a machine. You can find more information on it here: https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal. A while ago … Continue reading →

Posted in Researching, Windows, Write-Up | Tagged amsi, bypass, exploitation, hacking, Powershell, security | Comments Off

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

Posted on 2018-07-24 by 0xB455

During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of the CMS’ plugins which I then … Continue reading →

Posted in Researching, Webapplication security, Write-Up | Tagged bugbounty, bughunting, cve, cve-2018-14716, exploit, exploitation, exploitdb, hacking, information disclosure, security, server side template injection, ssti, vulnerability, webapplication | Comments Off

Comprehensive data leakage via Google Groups

Posted on 2018-06-05 by 0xB455

So, a few days ago Brian Krebs posted an article on his blog called “Are Your Google Groups Leaking Data?“. This article reached me while I was chilling in the sun but it did not really suprise me as I … Continue reading →

Posted in General Stuff, Researching, Write-Up | Tagged data leak, google cloud, privacy | Comments Off

Category Archives: Researching

Weaponizing AMSI bypass with PowerShell

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

Comprehensive data leakage via Google Groups

Recent Posts