CVE-2023-22518: Confluence Exploit
CVE-2023-22518 is a critical vulnerability impacting Confluence, a popular collaboration and documentation platform. This exploit can grant…
Urshila Ravindran, Jun 9

CVE-2022-26352: Decoding the High-Impact RCE Vulnerability in dotCMS
dotCMS is an open-source content management system written in Java. It is used by over 10,000 clients in over 70 countries around the globe…
Urshila Ravindran, May 14, 2023

“Dirty Pipe” Linux Local Privilege Escalation [CVE-2022-0847]
On March 7, 2022, security researcher Max Kellermann disclosed ‘Dirty Pipe’ — a Linux local privilege escalation vulnerability, plus a proof…
Urshila Ravindran, May 7, 2023

DLL Side-loading Vulnerability in Cisco AnyConnect 4.x and 5.x
Cisco AnyConnect versions 4.x and 5.x are found to be vulnerable to DLL side-loading, which can have a critical impact if exploited by…
Urshila Ravindran, May 6, 2023

Microsoft Exchange SSRF [CVE-2021-26855]
Microsoft Exchange SSRF, popularly known as ProxyLogon, is the most well-known Microsoft Exchange Server vulnerability which got introduced…
Urshila Ravindran, May 27, 2022

Spring4Shell Zero Day RCE [CVE-2022-22965]
Spring4Shell is a vulnerability of critical severity affecting Java’s most popular framework, Spring. Many cyber security firms have…
Urshila Ravindran, May 24, 2022

AD Series | DC Sync Attacks
DCSync Attack is a type of “credential dumping” attack that makes use of commands present in Microsoft Directory Replication Service Remote…
Urshila Ravindran, Apr 1, 2022

Decoding PDF Injection
PDF injection was listed in the top 10 web application hacking techniques of 2020 and still it appears to be one of the most…
Urshila Ravindran, Oct 17, 2021

Common Attack Vectors for breaking JWT Authentication!
In today’s blog, I am gonna cover JWTs, the structure of JWTs, what they look like when you open an application, what to expect, and then I…
Urshila Ravindran, Oct 9, 2021