tutorials · 8 min
CVE-2023-34362 is a pre-auth SQL injection in MOVEit Transfer that Cl0p exploits as zero-day from 27 May. The chain goes SQLi → MachineKey leak → session forge → LEMURLOOT web shell drop (human2.aspx). Result: 2,700+ organisations exposed before the year ends.
· Manuel López Pérez
tutorials · 8 min
CVE-2023-2868 is a trivial command injection in the Email Security Gateway TAR parser. UNC4841 has been exploiting it since October 2022. Barracuda does not recommend patching — it recommends throwing the device out. We reproduce the malicious filename, walk through the buggy Perl path and review the IoCs published by Mandiant.
· Manuel López Pérez
tutorials · 8 min
CVE-2023-23397 lets Outlook send the user NTLMv2 hash to an attacker SMB server just by processing an email. No click, no preview. Exploited as zero-day by APT28 since April 2022. Reproducible PoC with Outlook COM, Wireshark capture of the handshake and offline crack with hashcat.
· Manuel López Pérez
tutorials · 6 min
Practical introduction to Frida on Android: setting up the environment (ADB + frida-tools + frida-server) and solving several basic exercises with JavaScript scripts.
· Pablo Plaza Martínez
tutorials · 8 min
Practical write-up of a 64-bit ELF with format string and buffer overflow to leak libc/PIE/canary and build a ROP that bypasses NX, ASLR, PIE, and stack canary.
· Manuel López Pérez
tutorials · 7 min
MITM with ARP poisoning and mitmproxy: intercept traffic in transparent mode, redirect with iptables, and modify responses on the fly using scripts with mitmdump.
· Pablo Plaza Martínez
tutorials · 1 min
Video write-up by Brainpan (Vulnhub) focused on practising buffer overflow in Windows for OSCP using Mona.
· Manuel López Pérez
tutorials · 6 min
Step-by-step explanation and PoC of the chain of vulnerabilities in WordPress 5.1 (patched in 5.1.1): CSRF in comments → Stored XSS via wp_kses bypass → RCE by editing plugin as administrator. Requires victim interaction (visiting malicious page).
· Pablo Plaza Martínez
tutorials · 5 min
Two real techniques for bypassing captive portals on WiFi networks: MAC cloning (weak authentication) and DNS tunnelling with iodine (for more secure portals). Updated with modern tools, best practices, and security recommendations.
· Pablo Plaza Martínez
tutorials · 3 min
Proof of Concept (PoC) for the WinRAR CVE-2018-20250 vulnerability, allowing remote code execution by extracting malicious files to arbitrary directories. Step-by-step guide to create a malicious ACE file that executes a payload on system startup.
· Manuel López Pérez
tutorials · 4 min
Protostar Stack6: when you can't jump to the stack, it's time for ret2libc. Offset calculation and use of system(), exit() and '/bin/sh' from libc to execute a shell.
· Manuel López Pérez
tutorials · 5 min
Protostar Stack5: first "classic" buffer overflow with shellcode injection, offset calculation, EIP control, and use of NOP sled to stabilise addresses.
· Manuel López Pérez
