Our Blog

Let me store that for you

Reading time: ~8 min
Posted by Paul van der Haas on 11 September 2020
Categories: 0day, Dll hijacking, Privilege escalation
A while ago Jonas Lykkegaard disclosed a zeroday that could be used to create files in the SYSTEM folder. CVE-2020-16885...

The hunt for Chromium issue 1072171

Reading time: ~40 min
Posted by Javier Jimenez on 29 May 2020
Categories: Browser, Chrome, Exploit development, Vulnerability research, 0day, V8, Vulnerability
Intro The last few months I’ve been studying Chrome’s v8 internals and exploits with the focus of finding a type...

Being Stubborn Pays Off pt. 2 – Tale of two 0days on PRTG Network Monitor

Reading time: ~12 min
Posted by Javier Jimenez on 22 May 2020
Categories: 0day, Exploit development, Webapps, Dos, Monitor, Network, Poc, Proofofconcept, Prtg, Prtg network monitor, Rce, Shodan
Intro Last year I wrote how to weaponize CVE-2018-19204. This blog post will continue and elaborate on the finding and...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Posted by Javier Jimenez on 18 April 2019
Categories: Cve, Exploit development, Internals, Webapps, 0day, Cve-2018-19204, Exploit, Prtg network monitor, Web application
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...