Few notes from CTF@CIT

During this weekend I had a moment to read what's new at CTFTime and that's how I found CTF@CIT prepared by HACK@CIT. Below you'll find few notes about it. Here we go...

Postauth SQLi in Centreon 23.10-1.el8

Similar to previous notes about hunting bugs in Centreon few weeks ago I prepared a new lab to test 'current/latest' version of this webapp. Below you'll find the details. Here we go...

Postauth SQLi in AdvantechWeb/SCADA 9.1.5U

During some internal pentests performed few weeks ago I found an SQL injection (postauth) bug in "latest" AdvantechWeb/SCADA (9.1.5U). Below you'll find more details about it. Here we go...

Healthy PostAuth RCE in FortiADC 7.4.0

Few weeks ago when I was playing a bit with Fortigate machines I decided to check FortiADC VM (downloaded here). After a while I found an interesting "feature" that can be used to achieve ('limited' AFAIK ;)) postauth RCE. Below you'll find few notes about it. Here we go...

The Hack Summit 2023 - Online presentation

This year I had a pleasure to present few of the topics from my research during The Hack Summit Conference in Poland[1, 2, 3]. This time we (mostly;)) talked about one preauth RCE bug I found in ConQuest DICOM server (1.5.0d). Below you'll find more details about it. Here we go...

Monitoring SUFF - Part 2

During one night I decided to continue my tests with suff.py script described before. This time I decided to run it with FortiWeb VM (v7.4.0 build577) so below you'll find few notes about it. Here we go...

Monitoring SUFF

Few months ago we talked about Simple Universal Fortigate Fuzzer. Small script created in Python to mutate commands we'd like to send to Forti CLI. Today we'll check how to grab few "log details" for our future analysis. Here we go... 

Windows Embedded Eternally Blue

Few weeks ago I was asked to help a bit with exploitation of MS17_010 for one of the hosts found in the pentest project scope. Below you'll find more details about it. Here we go...

Simple Universal Fortigate Fuzzer

Today we'll finish the topic started few months ago: Simple Universal Fortigate Fuzzer. Below youl'l find the details about it. Here we go...

Fuzzing Fortigate 7

Continuing my journey with the Mutiny Fuzzing Framework one of the apps I decided to test was a Fortigate 7.x VM (what I initially described during the last TheHackSummit conference). Below you'll find more details about it. Here we go...