Research Worth Reading Week 43/2024

Published: 27 Oct 2024

This week, we’re excited to share a list of must-read research! These are some of the most fascinating findings we’ve come across in the past week, so don’t miss out—check them out!

❤️ SQL Injection Polyglots

A great article from my good friend Luke on SQL Injection Polyglots. A bit of historical content and some new polyglots for MySQL and SQLite3.

🔓 SELinux bypasses

What is SELinux, and how can you bypass it when dealing with Android kernel exploitation? A really detailed writeup: SELinux bypasses.

🛡️ A deep dive into Linux’s new mseal syscall

A new syscall tailored specifically for exploit mitigation? Make sure you read more about mseal in this article from Trail of Bits: A deep dive into Linux’s new mseal syscall.

💻 Bench Press: Leaking Text Nodes with CSS

Is it possible to leak the entire content of an HTML text node only using CSS? Learn more by reading the walkthrough (by the challenge's author) for this CTF challenge: Bench Press: Leaking Text Nodes with CSS.

🪲 Private key extraction over ECDH

IANAC (I Am Not A Cryptographer), but I'm a sucker for a good vulnerability write-up. Make sure you read this one: Private key extraction over ECDH.

📚 AppSec eZine #558

AppSec eZine returns with the latest edition—check out issue #558.

Written by PentesterLab
The platform to learn web hacking and security code review