I haven’t write posts for a while, and now I want to share with you my speeches at OpenSysConf’22 “The history of the one CVE or how to hack hacker on Kali Linux” and BeetechConf’23 “Your code through the eyes of a hacker”.
SSRF vulnerability was found in Tumbler plugin of XFCE. It works on the latest Debian and Kali Linux, and high likely on all Linux distributions with out-of-date XFCE.
Sharing is caring. I decide to try systemize my knowledge and for this I’ve created video course “Ethical hacking and Penetration testing” available for anyone. It contains 10 actual topics.
I spoke at conference Kolesa Conf’21 several days ago with topic “Hacking up-to-date Wordpress”. Presentation shows that cross-site scripting (XSS) almost always will lead to client-side request forgery, and most times to remote code execution (RCE) even in the case with freshest Wordpress.
That was amazing conference and nice collaboration with professionals, especially in the pandemic time.
The only IT / InfoSec / *OPS open conference in Kazakhstan without advertising and vendors. Interesting reports from experienced specialists. Hurry up to register!