P@i||p Forward Sorcery 👻

Latest — Mar 7, 2022

Prométhée Solutions ENT 0day Error Based SQL Injection

Disclaimer This post is the first disclosure of this vulnerability which has not been reported to the editor. The reasons are explained below... Is the ENT Open Source ? Well on first glance, Prométhée Solutions claims it is Later on the same page, another open source claim And when you try

More issues

GestSup v3.1.15 multiple vulnerabilities

Disclosure timeline Developers were contacted the 30/12/2021‌‌ Developers acknowledged receiving the vulnerabilities and asking to wait for two months so users may have the time to update‌‌ Disclosure on this blog was made the 06/03/2022 Remote Code Execution during installation GestSup v3.1.15, when /install/

Backdooring common Linux services for fun & persistence

OpenSSH OpenSSH is one of the most used software on *NIX operating system making it a commonly deployed binary that adversary may encounter during post exploitation phase. We will show you how to tamper OpenSSH sources to turn the binary into a discrete backdoor. Setting up the environment Well creating

SystemD Use & Abuse

SystemD has been increasingly used since its release in 2010. I have been familiar and used to working with SystemD services, timers and many more, as for my constant ArchLinux use. Since SystemD has been increasingly used, malicious actors have taken interest in knowing how to exploit common configuration flaws