SinSinology
LightNews LightNews
banner
sinsinology.bsky.social
SinSinology
@sinsinology.bsky.social
240 followers 65 following 0 posts
Pwn2Own 20{22,23,24,24.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊

https://summoning.team/
Posts Replies Media Videos
Reposted by SinSinology
itm4n.bsky.social
I updated the diagram representing the different Point and Print configurations and their exploitation on my blog.

Hopefully, this should provide a better understanding of the whole "PrintNightmare" situation to both defenders and red teamers. 🤞
Diagram representing the various Windows Point and Print configurations that reintroduce the PrintNightmare exploit variants.
December 4, 2024 at 5:42 PM
Reposted by SinSinology
steven.srcincite.io
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
November 26, 2024 at 11:57 PM
Reposted by SinSinology
badsectorlabs.com
Arc browser RCE, more Fortinet woes (@sinsinology.bsky.social), PowerHuntShares v2, make_token_cert, BOFs without DFR (@netbiosx.bsky.social), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2024-11-18
Arc browser RCE (@RenwaX23), more Fortinet woes (@SinSinology), PowerHuntShares v2 (@_nullbind), make_token_cert (@freefirex2), BOFs without DFR (@netbiosX), and more!
blog.badsectorlabs.com
November 19, 2024 at 5:25 AM