In this blog post, critical security vulnerabilities discovered in Grav CMS are explored. Two out of four issues I reported have been assigned CVE-2024-27921 and CVE-2024-34082. By exploiting a combination of these vulnerabilities, an unauthenticated attacker can escalate privileges and execute code on the server. This blog post details how a manual source code review was performed to uncover these vulnerabilities, explaining their mechanisms and potential impact.

TL; DR: Our Build Pipeline Security Assessment prepares you against modern and sophisticated threats using the same Tactics, Techniques and Procedures (TTP’s) an adversary would use against your CI/CD pipeline.

The reverse shell is a staple technique in the offensive security industry. The ability to convert a remote code execution vulnerability into a fully fledged interactive session is endlessly useful for enumeration, privilege escalation, and pivoting.

In this article I propose a new tool oneshell to solve some of the problems with existing tooling.

This post examines CVE-2024-27292 in Docassemble, revealing an unauthenticated path traversal flaw that exposes sensitive files and secrets, leading to privilege escalation and template injection, enabling remote code execution. It details the vulnerability, its impact, and the exploitation steps.

Judge0 is an open source service used to run arbitrary code inside a secure sandbox. The Judge0 website lists 23 clients using the service, with more than 300 self hosted instances available on the public internet and potentially many more within internal networks.

Tanto Security disclosed vulnerabilities in Judge0 that allows an adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine. These vulnerabilities were assigned CVE-2024-29021, CVE-2024-28185 and CVE-2024-28189.

Dompdf is a popular library in PHP used for rendering PDF files from HTML. Tanto Security disclosed a vulnerability in Dompdf affecting version 2.0.0 and below. The vulnerability was patched in Dompdf v2.0.1. We recommend all Dompdf users update to the latest version as soon as possible. Exploitation of the vulnerability results in remote code execution subject to the following conditions. The application is deployed on PHP <= 7.x and a well-known RCE deserialization gadget exists in any of the applications library’s.

Penetration testing is a critical part of the cybersecurity industry. It’s been around for a long time and pen testing fatigue is a real thing. However, there are some who feel that pen testing itself is dead. Are they right? How can we tell if penetration testing (alias include PenTesting, Pen Testing) is still relevant or not.

TL; DR: The more information provided for pen testing the better the outcomes.

TL; DR: This is a pilot program for Financial Institutions to standardise Threat Intel, Red Teaming, Purple Team and Gold Teaming to understand the financial industries resilience to cyber-attack.

TL; DR: UK accounting firms are splitting their audit functions, could this be a structure applied to cyber security firms in the future.

TL; DR: Match the type of security services you are using to the level of maturity and the types of threats that your organisation faces to ensure you meet your objectives.