Only content from Australia and New Zealand this week! Is the rest of the world asleep?
If you like Ruby as much as I do, you will love Luke's post on Ruby 3.4 Universal RCE Deserialization Gadget Chain. Explore his improvements on the previous Ruby gadget.
From file write to RCE: Steven guides us through this "tour de force" in his latest article, Remote Code Execution with Spring Properties.
Another article from Luke: Cross-Site POST Requests Without a Content-Type Header. While you're at it, read the rest of the blog 😉
I'm just going to share the first sentence of this article: "A goblin emoji and an empty string are the same thing, according to Microsoft SQL Server". That should be more than enough to pique your interest... Tales From The Crypt: Microsoft Unicode Collation Oddities Leading to Software Vulnerabilities
A great article from Claudio, whom I met twice this year! Take a deep dive into the Data Protection API with Windows - Data Protection API (DPAPI) Revisited.