This article describes CVE-2020-26886, a local privilege escalation affecting Softaculous < 5.5.7, along with generic tips when facing spooky setuid PHP interpreters. This software is widely deployed with most panels (eg. cPanel, Plesk, DirectAdmin). Read more

In this article we will showcase how we used a long forgotten binary to gain root access on the machine, as part of a bug bounty program. No kitties were harmed in the making of this article. Read more

Last week, I’ve looked at various security features offered by macOS, how they are enabled, and especially if they can be enabled on binary files without creating .app bundles. Introduced in OS X 10.5, the quarantine is enabled with an extended flag attribute (xattr) added to downloaded files, assuming the application respects this convention. The flag used by macOS is com.apple.quarantine, and Gatekeeper relies on it to only verify files from untrusted origin. Read more

Minecraft is a survival game published by Mojang, owned by Microsoft. When you start playing, you don’t have anything and you must break blocks ("mine") `and build structures and craft objects to progress. We usually call this genre “sandboxing game”, but ironically we can’t say the same when it comes to security. Read more