FortiNAC RCE, NimPlant, LPE via GPO, bypassing Okta MFA, injection with NtQueueApcThreadEx, DKOM attacks on ETW providers, and more!

Phishing in 2023, SaltStack A-Salt, LocalPotato, install4j XXE, LPE in Avast, learning Semgrep, and more!

BY DAVID VEALE, Senior Offensive Cyber Operator Introduction On November 30th, 2022, OpenAI seemingly catapulted Artificial Intelligence (AI) and Machine Learning (ML) into mainstream consciousness with the public beta launch of the ChatGPT project. From philosophers to YouTubers, the power of ChatGPT captured the creativity and imagination of millions. Through all the fanfare, cybersecurity professionals saw dangerous opportunities for use and abuse. Used unethically, AI inc

Pre-Auth RCE in a RoR app, IP phone pwnage, GoAnywhere RCE, Toyota supplier network hack, PipeViewer, reverse socks5, certsync, and more!