Explore >> Select a destination

You are here

 m417z.com
Privilege escalation using the XAML diagnostics API (CVE-2023-36003) - m417z / blog - A Blog About Stuff
| | parsiya.net
No, You Are Not Getting a CVE for That
2.1 parsecs away

Travel
| | [AI summary] A security engineer explains why 'style points' like unquoted service paths or 404 injection are not real vulnerabilities and clarifies the distinction between code injection at current privilege levels versus actual privilege escalation.
| | reverse.put.as
Patching what Apple doesn't want to or how to make your "old" OS X versions a bit safer | Reverse Engineering
2.0 parsecs away

Travel
| | Today a local privilege escalation vulnerability was disclosed in this blog post. It describes a vulnerability in IOBluetoothFamily kernel extension (IOKit is a never-ending hole of security vulnerabilities). Mavericks and most probably all previous versions are vulnerable but not Yosemite. The reason for this is that Apple silently patched the bug in Yosemite. This is not a new practice, where Apple patches bugs in the latest and newly released OS X version and doesn't care about older versions.
| | www.atredis.com
CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service - Atredis Partners
1.7 parsecs away

Travel
| | [AI summary] A detailed technical write-up analyzes a Windows Standard Collector Service privilege escalation vulnerability involving symlink attacks and arbitrary file creation, includes a proof-of-concept exploit, and describes the patch.
| | blog.xpnsec.com
Kerberos AD Attacks - More Roasting with AS-REP - XPN InfoSec Blog
26.5 parsecs away

Travel
| In this post we will be exploring another "roasting" method which involves exploiting a weak account configuration setting in Active Directory.. AS-REP Roasting.