Articles worth-reading from 2019

Published: 02 Jan 2020

Every week, our twitter account @PentesterLab publishes a list of articles worth-reading. This is the list of all the articles for 2019. Enjoy!!

30/12/2019

πŸ—žοΈ https://medium.com/@terjanq/clobbering-the-clobbered-vol-2-fb199ad7ec41

23/12/2019

πŸ—žοΈ https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/

πŸ—žοΈ https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/

πŸ—žοΈ https://www.synacktiv.com/posts/pentest/pwning-an-outdated-kibana-with-not-so-sad-vulnerabilities.html

πŸ—žοΈ https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/

16/12/2019

πŸ—žοΈ https://hipotermia.pw/bb/http-desync-idor

πŸ—žοΈ https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md#git-submodule-update-command-execution

πŸ—žοΈ https://www.reddit.com/r/crypto/comments/e8t17w/comment/faerj2m

πŸ—žοΈ https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui

πŸ—žοΈ https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases

09/12/2019

πŸ—žοΈ https://github.com/bkimminich/juice-shop/issues/1173#

πŸ—žοΈ https://css.csail.mit.edu/6.858/2013/readings/plan9auth.pdf

πŸ—žοΈ https://github.com/netanel01/ctf-writeups/blob/master/googlectf/2019/pwn_gomium/README.md

πŸ—žοΈ https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html?m=1

02/12/2019

πŸ—žοΈ http://blog.infosectcbr.com.au/2019/11/uclibc-unlink-heap-exploitation.html

πŸ—žοΈ https://blog.teddykatz.com/2019/11/23/json-padding-oracles.html

25/11/2019

πŸ—žοΈ https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

πŸ—žοΈ https://know.bishopfox.com/research/reasonably-secure-electron

18/11/2019

πŸ—žοΈ https://tpm.fail/tpmfail.pdf

πŸ—žοΈ https://serializethoughts.com/2019/10/28/solving-mstg-crackme-angr

πŸ—žοΈ https://blog.infosectcbr.com.au/2019/11/avr-libc-house-of-spirit.html

11/11/2019

πŸ—žοΈ https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

πŸ—žοΈ https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

πŸ—žοΈ http://re.alisa.sh/notes/iBoot-address-space.html

04/11/2019

πŸ—žοΈ https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/

πŸ—žοΈ https://lab.wallarm.com/race-condition-in-web-applications/

28/10/2019

πŸ—žοΈ https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/

πŸ—žοΈ https://tagazok.virtualabs.fr/Workshop-How_to_use_btlejack.pdf

πŸ—žοΈ https://cpdos.org

πŸ—žοΈ https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

21/10/2019

πŸ—žοΈ https://srcincite.io/assets/postscript-pat-and-his-black-and-white-hat.pdf

πŸ—žοΈ https://hacks.mozilla.org/2019/10/firefoxs-new-websocket-inspector/

πŸ—žοΈ https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/

14/10/2019

πŸ—žοΈ https://theevilbit.github.io/posts/few_click_rce_via_github_desktop_macos_client_with_gatekeeper_bypass_and_custom_url_handlers/

πŸ—žοΈ https://medium.com/sensorfu/how-my-application-ran-away-and-called-home-from-redmond-de7af081100d

πŸ—žοΈ https://blog.redteam.pl/2019/10/internal-domain-name-collision-dns.html?m=1

07/10/2019

πŸ—žοΈ https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/

πŸ—žοΈ https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/

πŸ—žοΈ https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html?m=1

30/09/2019

πŸ—žοΈ https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all

πŸ—žοΈ https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/

23/09/2019

πŸ—žοΈ https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/

πŸ—žοΈ https://shhnjk.blogspot.com/2019/09/nonce-based-csp-service-worker-csp.html

πŸ—žοΈ https://medium.com/bugbountywriteup/race-condition-that-could-result-to-rce-a-story-with-an-app-that-temporary-stored-an-uploaded-9a4065368ba3

16/09/2019

πŸ—žοΈ https://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/

πŸ—žοΈ https://blog.evilpacket.net/2019/leveraging-javascript-debuggers/

πŸ—žοΈ https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d

09/09/2019

πŸ—žοΈ https://medium.com/@prsecurity_/how-to-build-an-internal-red-team-7957ec644695

πŸ—žοΈ https://alephsecurity.com/2019/09/02/Z3-for-webapp-security/

πŸ—žοΈ https://www.synacktiv.com/posts/reverse-engineering/no-grave-but-the-sip-reversing-a-voip-phone-firmware.html

02/09/2019

πŸ—žοΈ https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers

πŸ—žοΈ https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

πŸ—žοΈ https://research.aurainfosec.io/same-origin-policy/

26/08/2019

πŸ—žοΈ https://about.gitlab.com/2019/08/14/american-fuzzy-lop-on-gitlab/

πŸ—žοΈ https://dttw.tech/posts/SJ40_7MNS

πŸ—žοΈ https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/

πŸ—žοΈ http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html?m=1

19/08/2019

πŸ—žοΈ https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf

πŸ—žοΈ https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/

πŸ—žοΈ https://github.com/trailofbits/audit-kubernetes/blob/master/reports/Kubernetes%20White%20Paper.pdf

12/08/2019

πŸ—žοΈ https://www.msreverseengineering.com/blog/2019/8/5/automation-techniques-in-c-reverse-engineering

πŸ—žοΈ https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn

πŸ—žοΈ https://i.blackhat.com/USA-19/Wednesday/us-19-Munoz-SSO-Wars-The-Token-Menace-wp.pdf

πŸ—žοΈ https://www.imperialviolet.org/2019/08/10/ctap2features.html

05/08/2019

πŸ—žοΈ https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/

πŸ—žοΈ http://blog.infosectcbr.com.au/2019/07/linux-heap-tcache-poisoning.html

29/07/2019

πŸ—žοΈ https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html

πŸ—žοΈ https://blog.ropnop.com/docker-for-pentesters/

πŸ—žοΈ https://medium.com/@iSecMax/сookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564

22/07/2019

πŸ—žοΈ https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/

πŸ—žοΈ https://thezerohack.com/hack-any-instagram

πŸ—žοΈ https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/

πŸ—žοΈ https://hackerone.com/reports/587854

15/07/2019

πŸ—žοΈ https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f

πŸ—žοΈ https://medium.com/@princechaddha/account-takeover-on-airbnb-acquisition-an-unusual-bug-part-2-45fab11dc407

01/07/2019

πŸ—žοΈ http://blog.ret2.io/2019/06/26/attacking-intel-tsx/

πŸ—žοΈ https://blog.ripstech.com/2019/dotcms515-sqli-to-rce/

24/06/2019

πŸ—žοΈ https://medium.com/intigriti/how-spending-our-saturday-hacking-earned-us-20k-60990c4678d4

πŸ—žοΈ https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/

17/06/2019

πŸ—žοΈ https://cryptosense.com/blog/how-ledger-hacked-an-hsm/

πŸ—žοΈ https://citizenlab.ca/docs/stalkerware-holistic.pdf

πŸ—žοΈ https://speakerdeck.com/andresriancho/internet-scale-analysis-of-aws-cognito-security

10/06/2019

πŸ—žοΈ https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/

πŸ—žοΈ https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm

πŸ—žοΈ https://www.ee.oulu.fi/research/ouspg/Disclosure_tracking

03/06/2019

πŸ—žοΈ https://code.fb.com/security/service-encryption/

πŸ—žοΈ https://www.chromestatus.com/feature/5088147346030592

πŸ—žοΈ https://docs.google.com/presentation/d/1b955DV2ii-Dgv6YR4kUrJtjGugEqXD3FffTHRfvVSYo/mobilepresent?slide=id.g4525dccad7_0_0

πŸ—žοΈ https://arxiv.org/abs/1905.13055

27/05/2019

πŸ—žοΈ https://github.com/veorq/cryptocoding/

πŸ—žοΈ https://speakerdeck.com/fransrosen/live-hacking-like-a-mvh-a-walkthrough-on-methodology-and-strategies-to-win-big

20/05/2019

πŸ—žοΈ https://guidovranken.com/2019/05/14/differential-fuzzing-of-cryptographic-libraries/

πŸ—žοΈ https://eprint.iacr.org/2019/459.pdf

πŸ—žοΈ https://leakfree.wordpress.com/2015/03/12/php-object-instantiation-cve-2015-1033/

13/05/2019

πŸ—žοΈ https://corb3nik.github.io/blog/ins-hack-2019/bypasses-everywhere

πŸ—žοΈ https://anvilventures.com/blog/looking-inside-the-box.html

06/05/2019

πŸ—žοΈ https://www.synacktiv.com/ressources/GLPI_9.4.0_Type_juggling_auth_bypass.pdf

πŸ—žοΈ https://securityriskadvisors.com/blog/aws-iam-exploitation/

<
29/04/2019

πŸ—žοΈ https://breaking-bits.gitbook.io/breaking-bits/vulnerability-discovery/reverse-engineering/modern-approaches-toward-embedded-research

πŸ—žοΈ https://medium.com/@somdevsangwan/how-i-found-5-redos-vulnerabilities-in-mod-security-crs-ce8474877e6e

πŸ—žοΈ https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/

22/04/2019

πŸ—žοΈ https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf

πŸ—žοΈ https://gitlab.com/cybears/fall-of-cybeartron/

15/04/2019

πŸ—žοΈ https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/

πŸ—žοΈ https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html

πŸ—žοΈ https://medium.com/starting-up-security/starting-up-security-policy-104261d5438a

08/04/2019

πŸ—žοΈ https://blog.filippo.io/a-literate-go-implementation-of-poly1305/

πŸ—žοΈ https://medium.com/@terjanq/how-i-am-able-to-hijack-you-1cab793a01d1

πŸ—žοΈ https://ioactive.com/multiple-vulnerabilities-in-androids-download-provider-cve-2018-9468-cve-2018-9493-cve-2018-9546/

πŸ—žοΈ https://blog.doyensec.com/2019/04/03/subverting-electron-apps-via-insecure-preload.html

01/04/2019

πŸ—žοΈ https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/

πŸ—žοΈ https://mogwailabs.de/blog/2019/03/attacking-java-rmi-services-after-jep-290/

πŸ—žοΈ https://chybeta.github.io/2019/03/16/Analysis-for【CVE-2019-5418】File-Content-Disclosure-on-Rails/

25/03/2019

πŸ—žοΈ https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/

πŸ—žοΈ https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5

πŸ—žοΈ https://tosc.iacr.org/index.php/ToSC/article/view/892/843

18/03/2019

πŸ—žοΈ https://medium.com/@sharan.panegav/account-takeover-using-cross-site-websocket-hijacking-cswh-99cf9cea6c50

πŸ—žοΈ https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html?m=1

11/03/2019

πŸ—žοΈ https://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

πŸ—žοΈ https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html

πŸ—žοΈ https://mobile.twitter.com/rootxharsh/status/1104068814810087424

Photo of Louis Nyffenegger
Written by Louis Nyffenegger
Founder and CEO @PentesterLab