Introduction This article explores the process of compromising a legacy enterprise application server, EAServer. We start by gaining access to the web console by leveraging default c...
Exploiting nOAuth Vulnerability in Azure AD Applications
Introduction The nOAuth vulnerability was originally discovered by Descope security team and impacts Microsoft Azure AD applications configured to use OAuth. Essentially the vulnerability is a ...
Obfuscating Rust Binaries using LLVM Obfuscator (OLLVM)
UPDATE - 30 November 2023 I have made available a Docker image containing all the required steps to build a Rust toolchain using OLLVM. Currently it is targeting both x86_64-unknown-linux-gnu an...
Real World CTF 2023 - Ferris Proxy - Reverse Engineering
Introduction During RealWorldCTF 2022 there was a RE challenge named “Ferris Proxy”. The challenge includes 2 executables (client and server) and a TCP packet capture file (pcap) that contains d...