cyllective's blog


Vulnerabilities in Cordaware bestinformed

A write-up of CVE-2025-0422, CVE-2025-0423, CVE-2025-0424, and CVE-2025-0425
#web #cve

OAuth Labs: OAuth 2.0 Vulnerabilities

Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities
#web #training #labs #oauth2.0

Creating a Malicious Atlassian Plugin

Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
#web #java #plugins #atlassian

Auditing Atlassian Plugins, 53 0-Days Later

Explaining the process and tooling behind our way of auditing Atlassian plugins, 53 0-Days later.
#web #cve #plugins #atlassian

Collabora Online Stored XSS (CVE-2024-29182)

A Writeup for a Stored XSS we found in Collabora Online - CVE-2024-29182
#web #cve #collabora

COMfiltrat0r - Exfiltration via WebSerial

During a Data Loss Prevention audit, cyllective managed to find a way to copy files off a Windows computer that had USB storage blocked - introducing COMfiltrat0r
#dlp #web #hardware

202212

Happy new year! 🎉🥳🥂🥳✨ At the end of last year, cyllective helped to organize the hackbar 202212. This post highlights what this event was about.
#events #hackbar

Auditing WordPress Plugins

A summarized post about security research of WordPress plugins and the explorational audit spree which followed
#web #cms #cve #plugins #wordpress

OctoberCMS Authenticated RCE (CVE-2022-21705)

Join us in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
#web #cms #cve #octobercms

OctoberCMS Authenticated RCE (CVE-2021-32649)

Follow along in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
#web #cms #cve #octobercms

Plone Authenticated RCE (CVE-2021-32633)

Join the journey into Plone CMS that led us to discover an authenticated RCE vulnerability
#web #cms #cve #plone

Perspective: Nuclei by projectdiscovery

Nuclei, a fast and customisable vulnerability scanner based on a simple YAML-based DSL
#tools #perspective #bugbounty #nuclei

cy//ective - the cybernetic-collective

We take this opportunity to present what cyllective is all about

HackTheBox - Craft

Writeup on the challenge box Craft from HackTheBox
#ctf #hackthebox

HackTheBox - Help

Writeup on the challenge box Help from HackTheBox
#ctf #hackthebox

egress0r - DLP/FW Test Suite

The Data-Loss-Prevention and Firewall Test Suite aka egress0r
#tools #dlp #firewall #python #egress0r

Don't Click Shit

Weak passwords, unencrypted communication channels and suspicious files. Learn more about how to stay safe online
#security101 #phishing