Piotr Bazydło
@chudypb
Vulnerability Researcher at the Zero Day Initiative | @[email protected]
https://chudypb.github.io/ 26-10-2017 14:19:36
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus…
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code
Better late than never, patches from #Microsoft and #Adobe are finally out - and 6 bugs are under active attack. Check out all the details, including some wormable bugs, as The Dustin Childs breaks down the release. zerodayinitiative.com/blog/2024/8/13…
Microsoft fixed CVE-2024-38213 last Tuesday. It was discovered in the wild by ZDI threat hunter Peter Girnus. Today, he makes the details of the vulnerability and how it's being used by threat actors. zerodayinitiative.com/blog/2024/8/14…
We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. zerodayinitiative.com/blog/2022/3/16…
For those of you who might like it: Here are the slides from my Alligatorcon talk: gergelykalman.com/the-missing-gu… I was thinking of sending it to #POC2024, but the POC_Crew 👨👩👦👦 says it only accepts new talks :'(