This article describes CVE-2020-26886, a local privilege escalation affecting Softaculous < 5.5.7, along with generic tips when facing spooky setuid PHP interpreters. This software is widely deployed with most panels (eg. cPanel, Plesk, DirectAdmin). ...
In this article we will showcase how we used a long forgotten binary to gain root access on the machine, as part of a bug bounty program. No kitties were harmed in the making of this article. ...
USB devices have become ubiquitous in our digital infrastructure. From charging our devices to connecting peripherals, the Universal Serial Bus protocol has achieved what its name suggests - becoming truly universal. This ubiquity, combined with the protocol’s inherent trust model, creates a significant attack surface that modern enterprises must address. The challenge lies in balancing security with usability: while USB ports represent a clear security risk, they remain essential for daily operations. ...