TL;DR A command injection vulnerability in the function tool run_ssh_command_with_credentials() available to AI agents in cai-framework <= 0.5.9 makes it possible to achieve Remote Command Execution. This post describes a vulnerability I discovered in the CAI framework in which incomplete shell escaping inside a tool accessible to AI agents allowed hostile targets to trigger command execution on […]
TL;DR https://github.com/hacktivesec/ghostwire Traditional pentesting distributions (and the Docker versions as well) have become heavy, hard to maintain, and inconsistent across different environments. Ghostwire was created to offer a simpler alternative: a minimal, repeatable, and transparent Docker toolkit with an essential set of tools for web, network, Active Directory, mobile, and post-compromise analysis. The project is […]
The Domino Effect: An Analysis of Catastrophic OPSEC Failures Through Aggregated Technical Lapses This research validates the thesis that major operational security (OPSEC) compromises are overwhelmingly the product of an accumulation of fundamental technical errors, rather than singular, indefensible exploits. Through in-depth forensic analysis of Ross Ulbricht, the FIN7 cybercrime syndicate, and Russian state-sponsored actors […]
TL;DR Gogs is an open source self-hosted Git service. In version 0.13.2 and prior, there is a stored Cross-Site Scripting (XSS) vulnerability, which allows client-side JavaScript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3. […]
I won't try to bring back memories of your nerdy childhood, your first computers, or the software you first used to approach computing (I honestly don't remember, something like Bearshare or MSN…). I'd rather talk about the mistakes I've made, what I do today, and where I hope to get to in a few years. Buona […]
Introduction Effective cybersecurity relies not only on robust defense mechanisms but also on swift and coordinated incident response procedures. However, even well-prepared organizations can suffer critical failures if response protocols are not strictly followed. This article examines a real-world scenario where a Blue Team’s failure to act decisively during an ongoing cyberattack led to significant […]
TL;DR A Server-Side Template Injection (SSTI) vulnerability in spacy-llm <= v0.7.2 allows attackers to execute arbitrary code by injecting a crafted payload into the template field. Update spacy-llm to version v0.7.3 or later. What is spaCy spaCy is an open-source software library for advanced natural language processing (NLP), written in the programming languages Python and […]
Introduction Serialization and deserialization mechanisms are always risky operations from a security point of view. In most languages and frameworks, if an attacker is able to deserialize arbitrary input (or just corrupt it, as we demonstrated years ago with the Rusty Joomla RCE) the impact is usually the most critical: Remote Code Execution. Without […]
Introduction In the previous blog post we covered some internal parts of the codebase that are involved in the intent registration and resolution process. In this one we are going to dig deeper into Deep and App Link resolution in the Android Operating System and its remote Attack Surface. Deep and App Links are data components […]
Introduction In the official Android documentation, the Intent is described as “an abstract description of an operation to be performed”. Conceptually, it can be simplified as an “intention to do something with another application” across Inter-Process Communication (IPC). One of the most interesting facilities that intents offer is implicit resolution. An application can explicitly […]





