Articles worth reading from 2019

PentesterLab
Published Jan 2, 2020


Every week, our Twitter account @PentesterLab publishes a list of articles worth reading. This is the full list of the articles we recommended in 2019, grouped by the week they were posted (most recent first). Enjoy!

Our recommended articles for 2019

30/12/2019

🗞️ https://medium.com/@terjanq/clobbering-the-clobbered-vol-2-fb199ad7ec41

🗞️ https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf

23/12/2019

🗞️ https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/

🗞️ https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/

🗞️ https://www.synacktiv.com/posts/pentest/pwning-an-outdated-kibana-with-not-so-sad-vulnerabilities.html

🗞️ https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/

16/12/2019

🗞️ https://hipotermia.pw/bb/http-desync-idor

🗞️ https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md#git-submodule-update-command-execution

🗞️ https://www.reddit.com/r/crypto/comments/e8t17w/comment/faerj2m

🗞️ https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui

🗞️ https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases

09/12/2019

🗞️ https://github.com/bkimminich/juice-shop/issues/1173#

🗞️ https://css.csail.mit.edu/6.858/2013/readings/plan9auth.pdf

🗞️ https://github.com/netanel01/ctf-writeups/blob/master/googlectf/2019/pwn_gomium/README.md

🗞️ https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html?m=1

02/12/2019

🗞️ http://blog.infosectcbr.com.au/2019/11/uclibc-unlink-heap-exploitation.html

🗞️ https://blog.teddykatz.com/2019/11/23/json-padding-oracles.html

25/11/2019

🗞️ https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

🗞️ https://know.bishopfox.com/research/reasonably-secure-electron

18/11/2019

🗞️ https://tpm.fail/tpmfail.pdf

🗞️ https://serializethoughts.com/2019/10/28/solving-mstg-crackme-angr

🗞️ https://blog.infosectcbr.com.au/2019/11/avr-libc-house-of-spirit.html

11/11/2019

🗞️ https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

🗞️ https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

🗞️ http://re.alisa.sh/notes/iBoot-address-space.html

04/11/2019

🗞️ https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/

🗞️ https://lab.wallarm.com/race-condition-in-web-applications/

28/10/2019

🗞️ https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/

🗞️ https://tagazok.virtualabs.fr/Workshop-How_to_use_btlejack.pdf

🗞️ https://cpdos.org

🗞️ https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

21/10/2019

🗞️ https://srcincite.io/assets/postscript-pat-and-his-black-and-white-hat.pdf

🗞️ https://hacks.mozilla.org/2019/10/firefoxs-new-websocket-inspector/

🗞️ https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/

14/10/2019

🗞️ https://theevilbit.github.io/posts/few_click_rce_via_github_desktop_macos_client_with_gatekeeper_bypass_and_custom_url_handlers/

🗞️ https://medium.com/sensorfu/how-my-application-ran-away-and-called-home-from-redmond-de7af081100d

🗞️ https://blog.redteam.pl/2019/10/internal-domain-name-collision-dns.html?m=1

07/10/2019

🗞️ https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/

🗞️ https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/

🗞️ https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html?m=1

30/09/2019

🗞️ https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all

🗞️ https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/

23/09/2019

🗞️ https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/

🗞️ https://shhnjk.blogspot.com/2019/09/nonce-based-csp-service-worker-csp.html

🗞️ https://medium.com/bugbountywriteup/race-condition-that-could-result-to-rce-a-story-with-an-app-that-temporary-stored-an-uploaded-9a4065368ba3

16/09/2019

🗞️ https://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/

🗞️ https://blog.evilpacket.net/2019/leveraging-javascript-debuggers/

🗞️ https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d

09/09/2019

🗞️ https://medium.com/@prsecurity_/how-to-build-an-internal-red-team-7957ec644695

🗞️ https://alephsecurity.com/2019/09/02/Z3-for-webapp-security/

🗞️ https://www.synacktiv.com/posts/reverse-engineering/no-grave-but-the-sip-reversing-a-voip-phone-firmware.html

02/09/2019

🗞️ https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers

🗞️ https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

🗞️ https://research.aurainfosec.io/same-origin-policy/

26/08/2019

🗞️ https://about.gitlab.com/2019/08/14/american-fuzzy-lop-on-gitlab/

🗞️ https://dttw.tech/posts/SJ40_7MNS

🗞️ https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/

🗞️ http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html?m=1

19/08/2019

🗞️ https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf

🗞️ https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/

🗞️ https://github.com/trailofbits/audit-kubernetes/blob/master/reports/Kubernetes%20White%20Paper.pdf

12/08/2019

🗞️ https://www.msreverseengineering.com/blog/2019/8/5/automation-techniques-in-c-reverse-engineering

🗞️ https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn

🗞️ https://i.blackhat.com/USA-19/Wednesday/us-19-Munoz-SSO-Wars-The-Token-Menace-wp.pdf

🗞️ https://www.imperialviolet.org/2019/08/10/ctap2features.html

05/08/2019

🗞️ https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/

🗞️ https://rhys.io/post/rce-in-ruby-using-mustache-templates

🗞️ https://blog.matthewbarber.io/2019/07/22/how-to-make-compressed-file-quines

🗞️ http://blog.infosectcbr.com.au/2019/07/linux-heap-tcache-poisoning.html

29/07/2019

🗞️ https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html

🗞️ https://blog.ropnop.com/docker-for-pentesters/

🗞️ https://medium.com/@iSecMax/сookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564

22/07/2019

🗞️ https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/

🗞️ https://thezerohack.com/hack-any-instagram

🗞️ https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/

🗞️ https://hackerone.com/reports/587854

15/07/2019

🗞️ https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f

🗞️ https://www.cs.purdue.edu/homes/schau/files/pkcs1v1_5-ndss19.pdf

🗞️ https://medium.com/@princechaddha/account-takeover-on-airbnb-acquisition-an-unusual-bug-part-2-45fab11dc407

01/07/2019

🗞️ http://blog.ret2.io/2019/06/26/attacking-intel-tsx/

🗞️ https://blog.ripstech.com/2019/dotcms515-sqli-to-rce/

24/06/2019

🗞️ https://medium.com/intigriti/how-spending-our-saturday-hacking-earned-us-20k-60990c4678d4

🗞️ https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/

17/06/2019

🗞️ https://cryptosense.com/blog/how-ledger-hacked-an-hsm/

🗞️ https://citizenlab.ca/docs/stalkerware-holistic.pdf

🗞️ https://speakerdeck.com/andresriancho/internet-scale-analysis-of-aws-cognito-security

10/06/2019

🗞️ https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/

🗞️ https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm

🗞️ https://www.ee.oulu.fi/research/ouspg/Disclosure_tracking

03/06/2019

🗞️ https://code.fb.com/security/service-encryption/

🗞️ https://www.chromestatus.com/feature/5088147346030592

🗞️ https://docs.google.com/presentation/d/1b955DV2ii-Dgv6YR4kUrJtjGugEqXD3FffTHRfvVSYo/mobilepresent?slide=id.g4525dccad7_0_0

🗞️ https://arxiv.org/abs/1905.13055

27/05/2019

🗞️ https://github.com/veorq/cryptocoding/

🗞️ https://speakerdeck.com/fransrosen/live-hacking-like-a-mvh-a-walkthrough-on-methodology-and-strategies-to-win-big

🗞️ https://teamrot.fi/2019/05/23/self-hosted-burp-collaborator-with-custom-domain/

20/05/2019

🗞️ https://guidovranken.com/2019/05/14/differential-fuzzing-of-cryptographic-libraries/

🗞️ https://eprint.iacr.org/2019/459.pdf

🗞️ https://leakfree.wordpress.com/2015/03/12/php-object-instantiation-cve-2015-1033/

13/05/2019

🗞️ https://corb3nik.github.io/blog/ins-hack-2019/bypasses-everywhere

🗞️ https://www.colecornford.com/post/2019-04-06-subresource-integrity/

🗞️ https://anvilventures.com/blog/looking-inside-the-box.html

06/05/2019

🗞️ https://www.synacktiv.com/ressources/GLPI_9.4.0_Type_juggling_auth_bypass.pdf

🗞️ https://securityriskadvisors.com/blog/aws-iam-exploitation/

🗞️ https://blog.syscall.party/post/ltdh-re-walkthrough/

29/04/2019

🗞️ https://breaking-bits.gitbook.io/breaking-bits/vulnerability-discovery/reverse-engineering/modern-approaches-toward-embedded-research

🗞️ https://medium.com/@somdevsangwan/how-i-found-5-redos-vulnerabilities-in-mod-security-crs-ce8474877e6e

🗞️ https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/

22/04/2019

🗞️ https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf

🗞️ https://gitlab.com/cybears/fall-of-cybeartron/

15/04/2019

🗞️ https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/

🗞️ https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html

🗞️ http://sec.eddyproject.com/6000-hackerone-disclosed-reports/

🗞️ https://medium.com/starting-up-security/starting-up-security-policy-104261d5438a

08/04/2019

🗞️ https://blog.filippo.io/a-literate-go-implementation-of-poly1305/

🗞️ https://medium.com/@terjanq/how-i-am-able-to-hijack-you-1cab793a01d1

🗞️ https://ioactive.com/multiple-vulnerabilities-in-androids-download-provider-cve-2018-9468-cve-2018-9493-cve-2018-9546/

🗞️ https://blog.doyensec.com/2019/04/03/subverting-electron-apps-via-insecure-preload.html

01/04/2019

🗞️ https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/

🗞️ https://mogwailabs.de/blog/2019/03/attacking-java-rmi-services-after-jep-290/

🗞️ https://chybeta.github.io/2019/03/16/Analysis-for【CVE-2019-5418】File-Content-Disclosure-on-Rails/

25/03/2019

🗞️ https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/

🗞️ https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5

🗞️ https://tosc.iacr.org/index.php/ToSC/article/view/892/843

18/03/2019

🗞️ https://medium.com/@sharan.panegav/account-takeover-using-cross-site-websocket-hijacking-cswh-99cf9cea6c50

🗞️ https://people.eng.unimelb.edu.au/vjteague/UniversalVerifiabilitySwissPost.pdf

🗞️ https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html?m=1

11/03/2019

🗞️ https://medium.com/@DanielC7/remote-code-execution-gaining-domain-admin-privileges-due-to-a-typo-dbf8773df767

🗞️ https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html

🗞️ https://mobile.twitter.com/rootxharsh/status/1104068814810087424


PentesterLab provides online exercises to learn web penetration testing. You can learn more about PentesterLab by visiting https://pentesterlab.com/