Sandro PoppiThe Underestimated Dangers of Cross-Site ScriptingWhenever it comes to cross-site scripting (XSS) findings within a penetration test or bug bounty hunt, the usual simple payload is almost…Dec 30, 2023Dec 30, 2023
Sandro PoppiUsing SANS SIFT Workstation or REMnux with SSL Decrypting ProxiesHow corporate proxies can make live harder also for threat hunters and malware analysts.Apr 9, 2022Apr 9, 2022
Sandro PoppiA bad Combination: Unprivileged Remote Code Execution and privileged File WriteThis post provides a nice little exploit chain I came up with in a recent penetration test.Feb 22, 2022Feb 22, 2022
Sandro PoppiUsing Excel HYPERLINK function for URL SmugglingEvading URL Filters tJan 21, 2022Jan 21, 2022
Sandro PoppiMusings about further Log4Shell Attack VectorsA post from the folks at Blumira caught my attention as they state that web sockets are another attack vector for the infamous log4j…Dec 28, 2021Dec 28, 2021