Posts
Creating a Malicious Atlassian Plugin
Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
Auditing Atlassian Plugins, 53 0-Days Later
Explaining the process and tooling behind our way of auditing Atlassian plugins, 53 0-Days later.
Collabora Online Stored XSS (CVE-2024-29182)
A Writeup for a Stored XSS we found in Collabora Online - CVE-2024-29182
COMfiltrat0r - Exfiltration via WebSerial
During a Data Loss Prevention audit, cyllective managed to find a way to copy files off a Windows computer that had USB storage blocked - introducing COMfiltrat0r
hackbar.ch 202212
Happy new year! 🎉🥳🥂🥳✨ At the end of last year, cyllective helped to organize the hackbar 202212. This post highlights what this event was about.
Auditing WordPress Plugins
A summarized post about security research of WordPress plugins and the exploratory audit spree which followed
OctoberCMS Authenticated RCE (CVE-2022-21705)
Join us in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
OctoberCMS Authenticated RCE (CVE-2021-32649)
Follow along in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
Plone Authenticated RCE (CVE-2021-32633)
Join the journey into Plone CMS that led us to discover an authenticated RCE vulnerability
Perspective: Nuclei by projectdiscovery
Nuclei, a fast and customisable vulnerability scanner based on a simple YAML-based DSL
cy//ective - the cybernetic-collective
We take this opportunity to present what cyllective is all about
HackTheBox - Craft
Writeup on the challenge box Craft from HackTheBox
HackTheBox - Help
Writeup on the challenge box Help from HackTheBox
egress0r - DLP/FW Test Suite
The Data-Loss-Prevention and Firewall Test Suite aka egress0r
Don't Click Shit
Weak passwords, unencrypted communication channels and suspicious files. Learn more about how to stay safe online