welcome to cyllective's blog
Hello there, we are cyllective and this is our blog where you can read up on the latest news and on our research topics.
Posts
OAuth Labs: OAuth 2.0 Vulnerabilities
Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities
Creating a Malicious Atlassian Plugin
Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
Auditing Atlassian Plugins, 53 0-Days Later
Explaining the process and tooling behind our way of auditing Atlassian plugins, 53 0-Days later.
Collabora Online Stored XSS (CVE-2024-29182)
A Writeup for a Stored XSS we found in Collabora Online - CVE-2024-29182
COMfiltrat0r - Exfiltration via WebSerial
During a Data Loss Prevention audit, cyllective managed to find a way to copy files off a Windows computer that had USB storage blocked - introducing COMfiltrat0r
hackbar.ch 202212
Happy new year! 🎉🥳🥂🥳✨ At the end of last year, cyllective helped to organize the hackbar 202212. This post highlights what this event was about.
Auditing WordPress Plugins
A summarized post about security research of WordPress plugins and the exploratory audit spree which followed
OctoberCMS Authenticated RCE (CVE-2022-21705)
Join us in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
OctoberCMS Authenticated RCE (CVE-2021-32649)
Follow along in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
Plone Authenticated RCE (CVE-2021-32633)
Join the journey into Plone CMS that led us to discover an authenticated RCE vulnerability
Perspective: Nuclei by projectdiscovery
Nuclei, a fast and customisable vulnerability scanner based on a simple YAML-based DSL
cy//ective - the cybernetic-collective
We take this opportunity to present what cyllective is all about
HackTheBox - Craft
Writeup on the challenge box Craft from HackTheBox
HackTheBox - Help
Writeup on the challenge box Help from HackTheBox
egress0r - DLP/FW Test Suite
The Data-Loss-Prevention and Firewall Test Suite aka egress0r
Don't Click Shit
Weak passwords, unencrypted communication channels and suspicious files. Learn more about how to stay safe online