Research Worth Reading Week 48/2024

Published: 01 Dec 2024

Only content from Australia and New Zealand this week! Is the rest of the world asleep?

💎 Ruby 3.4 Universal RCE Deserialization Gadget Chain

If you like Ruby as much as I do, you will love Luke's post on Ruby 3.4 Universal RCE Deserialization Gadget Chain. Explore his improvements on the previous Ruby gadget.

🪄 Remote Code Execution with Spring Properties

From File Write to RCE, Steven guides us through this "tour-de-force" in this latest article: Remote Code Execution with Spring Properties.

🌐 Cross-Site POST Requests Without a Content-Type Header

Another article from Luke: Cross-Site POST Requests Without a Content-Type Header. While you're at it, read the rest of the blog 😉

👺 Tales From The Crypt: Microsoft Unicode Collation Oddities Leading to Software Vulnerabilities

I'm just going to share the first sentence of this article: "A goblin emoji and an empty string are the same thing, according to Microsoft SQL Server". That should be more than enough to pique your interest... Tales From The Crypt: Microsoft Unicode Collation Oddities Leading to Software Vulnerabilities

🔐 Windows - Data Protection API (DPAPI) Revisited

A great article from Claudio who I met twice this year! Deep dive into the Data Protection API in this article Windows - Data Protection API (DPAPI) Revisited.

Photo of PentesterLab
Written by PentesterLab
The platform to learn web hacking and security code review

Join the PentesterLab's Newsletter

Subscribe to get our latest content by email.

    We won't send you spam. Unsubscribe at any time.