How to chain SMBleed and SMBGhost to get RCE in Windows 10Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.Author(s)Cristian CorneaPublished at07 Jul 2020Updated at01 Apr 2024
How to exploit the DotNetNuke Cookie DeserializationWe looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.Author(s)Cristian CorneaPublished at10 Jun 2020Updated at13 Apr 2023