unSafe.sh - Unsafe
ksmbd - Fuzzing Improvements and Vulnerability Discovery
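This article examines fuzzing approaches for ksmbd, the SMB server component in the Linux kernel. By improving the configuration and strategy, it found 23 vulnerabilities, including memory corruption issues, and describes the discovery and fix process in detail. ...
2025-9-1 22:0:45 | Views: 3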
0day Fans - blog.doyensec.com
smb2
ksmbd
anyblob
syzkaller
syz
Trivial C# Random Exploitation
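Because C#'s Random class uses TickCount as its seed, it leads to a vulnerability in password reset token generation. By sending requests in quick succession, an attacker obtains the same random numbers and token, achieving account takeover. ...
2025-8-19 11:0:30 | Views: 7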
Over Security - Cybersecurity news aggregator - blog.doyensec.com
seedarray
mbig
equation
invert
mk
SCIM Hunting - Beyond SSO
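The article discusses the SCIM (System for Cross-domain Identity Management) standard and its common security vulnerabilities. SCIM automates the creation and deletion of user accounts to ensure consistency. The article notes that many SCIM implementations have flaws such as authentication bypass, improper token management, and manipulation of internal attributes, which can lead to serious consequences such as account takeover. It recommends including SCIM in scope when testing SSO in order to uncover potential risks. ...
2025-5-8 21:0:36 | Views: 27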
Over Security - Cybersecurity news aggregator - blog.doyensec.com
scim
sso
username
idp
urn
CSPT Resources
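The article collects resources related to Client-Side Path Traversal (CSPT), including blog posts, vulnerabilities, tools, CTF challenges and videos, and encourages researchers to explore this underappreciated but far-reaching attack vector in depth. ...
2025-3-27 16:15:26 | Views: 2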
Over Security - Cybersecurity news aggregator - blog.doyensec.com
cspt
client
maxence
schmitt
security
!exploitable Episode Three - Devfile Adventures
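The article describes CVE-2024-0402, a vulnerability that researchers found in the GitLab Workspaces feature. The vulnerability exploits a YAML parsing differential and a path traversal issue in archive extraction to achieve arbitrary file write on the GitLab server and ultimately escalate privileges. ...
2025-3-18 10:0:33 | Views: 5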
Over Security - Cybersecurity news aggregator - blog.doyensec.com
gitlab
devfile
workspaces
ssh
returnederr
!exploitable Episode Two - Enter the Matrix
27 Feb 2025 - Posted by Dennis Goodlett. Introduction: In case you are just tuning in, Doyensec...
2025-3-5 11:0:35 | Views: 1
Over Security - Cybersecurity news aggregator - blog.doyensec.com
ssh
int16
lldb
blocksize
entrysize
!exploitable Episode Two - Enter the Matrix
04 Mar 2025 - Posted by Dennis Goodlett. Introduction: In case you are just tuning in, Doyensec...
2025-3-4 15:15:31 | Views: 1
Over Security - Cybersecurity news aggregator - blog.doyensec.com
ssh
lldb
blocksize
int16
entrysize
!exploitable Episode One - Breaking IoT
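During a company retreat, the Doyensec team ran a vulnerability challenge called "!exploitable", focused on IoT, network and binary vulnerabilities. This article describes in detail how they found and exploited the heap overflow vulnerability CVE-2024-2850 in the Tenda AC15 router, successfully developing a ROP chain that adds a backdoor user to gain root privileges. ...
2025-2-10 23:0:46 | Views: 2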
0day Fans - blog.doyensec.com
payload
client
emux
0x00000000
Common OAuth Vulnerabilities
30 Jan 2025 - Posted by Jose Catalan, Szymon Drosdzol. OAuth2’s popularity makes it a prime targ...
2025-1-29 22:58:56 | Views: 5
0day Fans - blog.doyensec.com
client
ietf
datatracker
rfc6749
implicit
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
09 Jan 2025 - Posted by Maxence Schmitt. In my previous blog post, I demonstrated how a JSON...
2025-1-9 08:30:34 | Views: 1
Over Security - Cybersecurity news aggregator - blog.doyensec.com
cspt
endobj
00000
binaryfile
pdflib
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
07 Jan 2025 - Posted by Maxence Schmitt. In my previous blog post, I demonstrated how a JSON...
2025-1-7 15:45:32 | Views: 1
Over Security - Cybersecurity news aggregator - blog.doyensec.com
cspt
00000
endobj
binaryfile
pdflib
ksmbd vulnerability research
07 Jan 2025 - Posted by Norbert Szetei. Introduction: At Doyensec, we decided to perform a vulne...
2025-1-7 15:45:31 | Views: 12
Over Security - Cybersecurity news aggregator - blog.doyensec.com
ksmbd
sess
smb2
287
bootlin
Unsafe Archive Unpacking: Labs and Semgrep Rules
16 Dec 2024 - Posted by Michael Pastor. Introduction: During my recent internship with Doyensec,...
2024-12-16 17:45:29 | Views: 1
Over Security - Cybersecurity news aggregator - blog.doyensec.com
shutil
expand
semgrep
copyfileobj
CSPT the Eval Villain Way!
03 Dec 2024 - Posted by Dennis Goodlett. Doyensec’s Maxence Schmitt recently built a playground...
2024-12-3 23:30:33 | Views: 2
Over Security - Cybersecurity news aggregator - blog.doyensec.com
villain
cspt
evsourcer
playground
evsinker
Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges
02 Oct 2024 - Posted by Raúl Miján. Introduction: In this post, we are going to explore a rarely...
2024-10-3 02:0:29 | Views: 21
Over Security - Cybersecurity news aggregator - blog.doyensec.com
recursive
pollution
hashie
poison
keysigner
Applying Security Engineering to Make Phishing Harder - A Case Study
19 Sep 2024 - Posted by Szymon Drosdzol. Recently Doyensec was hired by a client offering a “C...
2024-9-19 20:30:27 | Views: 4
Over Security - Cybersecurity news aggregator - blog.doyensec.com
security
phishing
doyensec
attacker
client
Windows Installer, exploiting Common Actions
18 Jul 2024 - Posted by Adrian Denkiewicz. Over a year ago, I published my research around the W...
2024-7-18 15:45:21 | Views: 8
Over Security - Cybersecurity news aggregator - blog.doyensec.com
windows
runcommand
repair
microsoft
A Race to the Bottom - Database Transactions Undermining Your AppSec
11 Jul 2024 - Posted by Viktor Chuchurski. Introduction: Databases are a crucial part of any mod...
2024-7-11 20:0:29 | Views: 4
Over Security - Cybersecurity news aggregator - blog.doyensec.com
database
tx1
concurrent
tx2
locks
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
02 Jul 2024 - Posted by Maxence Schmitt. To provide users with a safer browsing experience, t...
2024-7-3 04:45:22 | Views: 13
Over Security - Cybersecurity news aggregator - blog.doyensec.com
client
cspt2csrf
security
attacker
whitepaper
Single Sign-On Or Single Point of Failure?
20 Jun 2024 - Posted by Anthony Trummer. No one can argue with the convenience that single si...
2024-6-21 00:45:22 | Views: 10
Over Security - Cybersecurity news aggregator - blog.doyensec.com
teleport
whitepaper
security
idp
sso