Stefan Iridon

Pentest-Tools.com, Security Research Engineer

Security research engineer with a passion for everything that "moves" in cybersecurity. Curious and eager to learn how stuff works while potentially breaking it in the process. I use my skills and knowledge to broaden the array of exploits we provide to our customers.

How to manually detect and exploit Spring4Shell (CVE-2022-22965)

Just a few months after the Log4Shell brutally shook our world, when things started to look calm and peaceful again, the Vulnerability Gods have unleashed upon us. Another similarly named vulnerability in a popular Java framework – Spring4Shell – came to light. Is CVE-2022-22965 as dangerous and as widespread as its (slightly) older sibling? Stick with us to find out!

Read the article titled exploit-http.sys-rce-cve-2022-3129.png

Vulnerabilities

How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)

Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.

Stefan Iridon

Published at: 28 Feb 2022

5 min read

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)

More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).

Stefan Iridon

Posts by this author

How to manually detect and exploit Spring4Shell (CVE-2022-22965)

How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)