Only content from Australia and New Zealand this week! Is the rest of the world asleep?
💎 Ruby 3.4 Universal RCE Deserialization Gadget Chain
If you like Ruby as much as I do, you will love Luke's post on Ruby 3.4 Universal RCE Deserialization Gadget Chain. Explore his improvements on the previous Ruby gadget.
🪄 Remote Code Execution with Spring Properties
From File Write to RCE, Steven guides us through this "tour-de-force" in this latest article: Remote Code Execution with Spring Properties.
🌐 Cross-Site POST Requests Without a Content-Type Header
Another article from Luke: Cross-Site POST Requests Without a Content-Type Header. While you're at it, read the rest of the blog 😉
👺 Tales From The Crypt: Microsoft Unicode Collation Oddities Leading to Software Vulnerabilities
I'm just going to share the first sentence of this article: "A goblin emoji and an empty string are the same thing, according to Microsoft SQL Server". That should be more than enough to pique your interest... Tales From The Crypt: Microsoft Unicode Collation Oddities Leading to Software Vulnerabilities
🔐 Windows - Data Protection API (DPAPI) Revisited
A great article from Claudio who I met twice this year! Deep dive into the Data Protection API in this article Windows - Data Protection API (DPAPI) Revisited.
