Explore >> Select a destination
|
You are here 
|
www.securitynik.com | ||
| | | | |
taeluralexis.com
|
|
| | | | | In this writeup, we'll exploit a Linux machine on Hack The Box with CVE-2023-46604, leveraging Java deserialization for remote code execution. | |
| | | | |
macrosec.tech
|
|
| | | | | The first thing we need to do is to identify which dll is crucial for discord to run because that is the dll we will use to perform dll hijacking. In order to find out, we need to open the file location of discord and we see: To identify the COM Keys of Chrome that we can use for COM Hijacking, we use the tool Process Monitor to identify all the processes running when Chrome runs, we also discover the COM servers that are missing CLSID's and the ones which don't require elevated privileges. We use the following filters: | |
| | | | |
pentestlab.blog
|
|
| | | | | In Windows environmentswhen an applicationor a serviceis startingit looks for a number of DLL's in orderto function properly.If these DLL'sdoesn't exist or are implemented in an insecure way (DLL'sare called withoutusing a fully qualified path) then itis possible to escalate privileges by forcing the application to load and execute amalicious DLL file. It should be... | |
| | | | |
www.tyil.nl
|
|
| | | [AI summary] This blog post provides a step-by-step tutorial on configuring nginx with Let's Encrypt SSL on a FreeBSD server to secure a static website. | ||
