myuyu / really-good-cybersec

A really good cybersec reading materials.

really-good-cybersec

A really good cybersec reading materials.

Implementing a toy version of TLS 1.3

https://jvns.ca/blog/2022/03/23/a-toy-version-of-tls/

tmpout.sh

https://tmpout.sh/2/

Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7

https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/

RWCTF 4th Desperate Cat Writeup

https://github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup

CVE-2021-22555: Turning \x00\x00 into 10000$

https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html

SSTI Method Confusion in Go.

https://dev.to/pirateducky/ssti-method-confusion-in-go-517p

A story of leaking uninitialized memory from Fastly

https://medium.com/@emil.lerner/leaking-uninitialized-memory-from-fastly-83327bcbee1f

Deep-dive into Windows Active Directory for Penetesters!

https://tajdini.net/blog/forensics-and-security/pentest-windows-active-directory/

Timing attack mitigation must exclude network

https://adam-p.ca/blog/2021/11/constant-time-network/

Put an io_uring on it: Exploiting the Linux Kernel

https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel

Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql

https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4

Prototype pollution attack in NodeJS

https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf

elFinder: The story of a repwning

https://www.synacktiv.com/en/publications/elfinder-the-story-of-a-repwning.html

Insecure cipher used in forum software

https://0g.vc/posts/insecure-cipher-gnuboard5/

CVE-2022-27666: Exploit esp6 modules in Linux kernel

https://etenal.me/archives/1825

About

A really good cybersec reading materials.