Welcome to Intrigus’ Security Lab. This is my tiny contribution on securing the world’s software by sharing my knowledge.
My research posts can be found here.
So far I have found and published 13 CVEs, you can find the corresponding advisories here.
Latest Posts
-
RealworldCTF 2024 – Protected-by-Java-SE – Writeup
How to find XXE in CodeQL using CodeQL – unintended CTF challenge solution.
-
Fixing Decompilation of Stack Clash Protected Binaries
How to fix decompilation when everything looks ugly, because stack probing breaks stack pointer tracking.
-
BraekerCTF 2024 – Injecting Commands – Writeup
How to reverse engineer a Mach-O binary from BraekerCTF 2024 that breaks all tools.
-
Finding Insecure TrustManagers and Disabled Hostname Verification with CodeQL
Certificates are a cornerstone of what makes Internet communication secure. In this post, I’m going to show how to find multiple CVEs in usage of the Java
TrustManager... -
ISL-2021-001: Insecure TrustManager in ballerina-platform/ballerina-lang
ballerina-platform/ballerina-lang before commit d7e08e0 used an insecure
TrustManagerfor HTTPS connections making clients vulnerable to a machine-in-the-middle attack (MiTM) and Remote code execution (RCE). -
ISL-2020-008: Missing Hostname Verification and Insecure TrustManager in openMF/mifos-mobile
openMF/mifos-mobile before commit e505f62 disabled hostname verification and used an insecure
TrustManagerfor HTTPS connections making clients vulnerable to a machine-in-the-middle attack (MiTM). -
ISL-2020-007: Missing Hostname Verification and Insecure TrustManager in opencast/opencast
opencast/opencast before commit 4225bf9 disabled hostname verification and used an insecure
TrustManagerfor HTTPS connections making clients vulnerable to a machine-in-the-middle attack (MiTM). -
ISL-2020-006: Missing Hostname Verification and Insecure TrustManager in apache/fineract
apache/fineract before commit e054a6f disabled hostname verification and used an insecure
TrustManagerfor HTTPS connections making clients vulnerable to a machine-in-the-middle attack (MiTM). -
ISL-2020-005: Missing Hostname Verification and Insecure TrustManager in apache/calcite
The
HttpUtils#getURLConnectionfunction of apache/calcite before commit 43eeafc disabled hostname verification and used an insecureTrustManagerfor HTTPS connections making clients vulnerable to a machine-in-the-middle attack... -
Cyber Security Rumble Finals CTF 2023 – elkcip – Writeup
In this post, I’m going to show how to solve elkcip from Cyber Security Rumble Finals CTF 2023 and why SMT/SAT solver choice matters.
-
GitHub Universe 2022 Highlighting my JWT Query
My JWT query is highlighted at GitHub Universe 2022 by the GitHub Security Lab as an example for community-driven security contributions.
-
Google CTF 2022 – LOG4J2 – Writeup
In this post I’m going to show how to solve LOG4J2 from Google CTF 2022 and also touch on why the unintended solution for LOG4J1 worked.
-
Finding Insecure JWT Signature Validation with CodeQL
JSON Web Tokens (JWTs) are notorious for vulnerabilities. In this post I’m going to show how to find multiple CVEs in users of the jwtk/jjwt library.
-
ISL-2021-005: Missing Validation of JWT Signature in fxbin/bubble-fireworks
fxbin/bubble-fireworks before commit 67b2ef4 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT.
-
ISL-2021-004: Missing Validation of JWT Signature in grassrootza/grassroot-platform
grassrootza/grassroot-platform before version 1.3.1 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows forging a valid JWT and can lead to authentication...
-
ISL-2021-003: Missing Validation of JWT Signature in nimble-platform/common
nimble-platform/common before commit 3b96cb0 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT and can lead to authentication bypasses.
-
ISL-2021-002: Missing Validation of JWT Signature in ManyDesigns/Portofino
ManyDesigns/Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT and can lead to authentication bypasses.
-
ISL-2020-004: RCE via MiTM in Texas Instruments' Code Composer Studio
The insecure configuration of JxBrowser in the “Getting Started” view of Code Composer Studio allows a machine-in-the-middle attack (MiTM) which can be escalated to remote code execution (RCE).
-
ISL-2020-003: XSS in w3c/css-validator
w3c/css-validator is vulnerable to cross-site scripting (XSS) due to insufficient input sanitization.
-
ISL-2020-002: Arbitrary File Read/Write in loklak/loklak_server
Insufficient input validation allowed a directory traversal vulnerability. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, user-controlled content could be written to...
-
ISL-2020-001: Arbitrary File Read/Write in fossasia/susi_server Leading to RCE
Insufficient input validation allowed a directory traversal vulnerability. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved...
-
From Arbitrary File Write to RCE Using Git Hooks in fossasia/susi_server
In this post I’ll show how to achieve remote code execution using multiple smaller vulnerabilities.
-
Announcing Intrigus' Security Lab
Welcome to Intrigus’ Security Lab (ISL).