Lot’s of references by [Wayback/Archive] Parsia to great posts by [Wayback/Archive] Raymond Chen mainly on security issues that are not: there is only a vulnerability when you get from the other side of the outside of the airtight hatchway to the inside, not when you are already inside.
Arthur: But can’t you think of something?!
Ford: I did.
Arthur: You did!
Ford: Unfortunately, it rather involved being on the other side of this airtight hatchway—
Arthur: oh.
Ford: —that’s just sealed behind us.
Over the last years a few C:\Windows.msi vulnerabilities have been discovered (and fixed), of which some are linked below.
The core is that the Windows Installer tries to be transactional, and NTFS is, but the combination with installer processes isn’t.
That leads into vulnerabilities where you can insert malicious Roll Back Scripts (.rbs files) and Roll Back Files (.rbf files), and I wonder if by now more have been discovered.
So this post is a kind of reminder to myself (:
Oh, and I learned much more about whoami on Windows, as there whoami /groups shows very detailed SID information. From that, I learned more on the internals of SIDs too!
2.5 years after Miguel summarised the state of AI text models, and given SQL Injection (because of mixing control and data channels) still is a thing in the 2020’s, I wonder both how much improvement there has been on the AI side of things and how much it is used in pen testing.
So I archived the below tweets to be able to read back and figure out on the current state.
It has lots of examples on payloads for various kinds of injections that are excellent teaching material.
Covered are Cross Site Scripting (XSS), SQL Injection, Server Side Template Injection, RFI/LFI, Command Injection, CSV Injection, Directory, Open Redirect and XML External Entity (XXE) Injection.
Just scaring people by telling them I could simply login to your network when you throw away you broken Smart light was not very credible. And eventhough people were kindly speaking up for me I would still like to illustrate how simple it is.
A very minimalistic approach of calling .net runtime functions or accessing properties using only hashes as identifiers. It does not leave any strings or import references since we dynamically resolve the required member from the mscorlib assembly on runtime.
The Wiert Corner - irregular stream of stuff 