RCE on a Laravel Private Program

The recent Laravel CVE enables remote attackers to exploit an RCE flaw in websites using Laravel. I’ve read the article about the exploitation procedure using the Ignition library on Laravel. To get started, I went through our recon database, which contains the domains and subdomains of many web applications. We have built this system for bug bounty hunting. [Image: bug bounty database containing domains and assets] There were roughly 526k live…


Finding The Origin IP Behind CDNs

Hello guys, it’s HolyBugx. I started writing this post after this tweet, as I saw many interested people wanted me to do it. So I decided to share my knowledge with you. Without further explanation, let’s get to the point. What is a CDN? A CDN allows for the quick transfer of assets needed for loading Internet content, including HTML pages, JavaScript files, stylesheets, images, and videos. The popularity of…

ZDResearch Presents ICS Honeypot Detection Framework at Kaspersky Industrial Cybersecurity Conference

The Sixth Conference on Industrial Cybersecurity Organized by Kaspersky Lab was held on September 19-21 in Sochi, Russia. This year’s theme was ‘Industrial Cybersecurity: Opportunities and Challenges in Digital Transformation’. Event participants included leading experts on the security of industrial systems, as well as specialists and managers representing industrial enterprises from more than 20 countries, including USA, China, Russia, Germany, Denmark, Italy, Spain, France, Lithuania, Saudi Arabia, UAE, Qatar,…

National Collegiate Cyber Defense Competition Writeup

We are Volitech, an advanced biotech company with heavy emphasis on R&D that serves many customers with high-tech bio research and services, from prosthetics to health management. We have recently been hacked by a notorious hacker group, and have fired all of our administration team. You are the new administrative team, you shall maintain our systems, defend them against future hackers, and investigate the old hack. That sums up the…
