Menu

Home

got 0day?

This blog will cover my progress on various topics of my security research. I hope this blog will encourage you to do your own research and share it with the world for a better tomorrow.

The perfect SSO account takeover with Oracle OAM (CVE-2018-2739)

TL;DR This weakness allows us to bypass the URL filtering on the RH parameter which could be used to hijack the session of any user »

Windows Remote Assistance XXE vulnerability

Intro Windows Remote Assistance allows someone you trust take over your PC and fix a problem from anywhere around the world. It relies on the Remote »

SMBv3 Null Pointer Dereference vulnerability (CVE-2018-0833)

Table of contents Intro Root cause analysis Proof-of-Concept Intro Late last year while setting up a fuzzer to target the SMB protocol, I discovered a vulnerability »

Oracle OAM 10g Session Hijacking

Table of contents Intro Oracle OAM Authentication flow Hijacking the session Global Exposure Proof-of-Concept Webserver Script Proof-of-Concept Video Mitigation CVSS rating Intro TL;DR Badly configured »

VIDEO: Hack In Paris 2016: From zero to SYSTEM on FDE Windows System

This is the presentation video from the HIP 16 presentation Tom and I did earlier this summer. I hope you enjoy it! »