The Butterfly Effect: Turning Overlooked Misconfigurations into Zero Click Account Takeover

In the world of application security, even low severity misconfigurations can act as a butterfly’s wing flap, triggering a chain reaction that leads to more impactful attack scenarios. Today, I’ll take you on a journey through one such scenario, where low impact vulnerabilities snowball into a full blown zero click account takeover. Along the way, you’ll see how every overlooked detail and misconfiguration can become a stepping stone for a determined attacker.

Pimcore Host Header Injection in user invitation link - CVE-2024-25625

A Host Header Injection vulnerability has been discovered in pimcore/admin-ui-classic-bundle up to version v1.3.3. Specifically in the invitationLinkAction function of the UserController, in the way $loginUrl trusts user input.

[Fr] Network-Shredder: A python based NIDS.

Dans le cadre du Blue Teaming, les IDS jouent un rôle très important dans la détection du trafic malicieux. La structure de l’IDS le permet de détecter, voire filtrer les paquets suspicieux selon des règles personnalisées par l’utilisateur. Le progrès technologique dans le domaine de sécurité informatique offensive implique la présence de systèmes de détection d’intrusions avec des stratégies avancées de filtrage des paquets en jouant sur les en-têtes protocolaires ainsi que le contenu des datagrammes.

My First Try on Exploit Development !

In the domain of Cyber Security, going for the easiest route (automating all tasks with Metasploit) is not always a good choice, especially if you are at the beginning of the road (just like me).

Cyber Security Bootcamp Training - CIT Club

I recently led a training bootcamp for my school’s CIT club, engaging around 60 students in a comprehensive exploration of key cybersecurity topics. The bootcamp covered: