Showing Posts From

• Alex Gassem
• 29 Feb 2024

Binary Exploitation for SPECIAL Occasions: Privilege Escalation in z/OS

This article explores a privilege escalation technique in z/OS mainframe systems by manipulating the Accessor Environment Element (ACEE). The technique involves creating an APF-authorized assembly program that modifies user flags in memory to gain SPECIAL privileges. The exploit demonstrates how low-level memory structures and system internals can be leveraged to escalate system access.

• Leandro Benade
• 29 Feb 2024

The Hidden Depths of Mainframe Application Testing: More Than (Green) Screen-Deep

Mainframe application security testing requires looking beyond surface-level "green screen" interfaces. The article explores three key vulnerability areas in mainframe environments: application breakouts that allow unauthorized transaction access, surrogate chaining that can bypass environment segregation controls, and downstream misconfigurations in database and system components. Comprehensive security assessments must take a holistic approach to mainframe application testing.

• Donato Capitella
• 21 Feb 2024

Should you let ChatGPT control your browser?

This article explores the security risks of granting Large Language Models (LLMs) control over web browsers. Two attack scenarios demonstrate how prompt injection vulnerabilities can be exploited to hijack browser agents and perform malicious actions. The article highlights critical security challenges in LLM-driven browser automation and proposes potential defense strategies.

• Alex Pettifer Miłosz Gaczkowski
• 6 Feb 2024

Multiple vulnerabilities in eLinkSmart padlocks

Multiple vulnerabilities were found in the eLinkSmart smart lock range. Flaws in the implementation of the locks' Bluetooth Low Energy (BLE) communication and the back-end API enable an attacker to unlock any lock within Bluetooth range, identify the location of any lock in the world, and compromise user credentials. This blog post describes the vulnerabilities, as well as the process followed to identify them, and demonstrates the issues in action.

• Mohit Gupta
• 2 Feb 2024

runc working directory breakout (CVE-2024-21626)

A critical vulnerability in runc (CVE-2024-21626) allows attackers to break out of container filesystems by exploiting a file descriptor leak. The flaw enables setting a container's working directory to the host filesystem, potentially granting unauthorized access to host systems in Kubernetes and containerized environments. Attackers can leverage this vulnerability to access host filesystems, execute malicious code, and potentially compromise multi-tenant Kubernetes clusters.