Nitesh Surana

@niteshsurana.com

Cloud Security %0d%0a

25 Followers · 55 Following · 2 Posts · Joined 12.10.2023

Latest posts by Nitesh Surana @niteshsurana.com

20.12.2024 12:20 👍 0 🔁 0 💬 0 📌 0
HEXACON2023 - Exploiting Hardened .NET Deserialization by Piotr Bazydło (YouTube video by Hexacon)

[4/n] My Hexacon 2023 talk about .NET Deserialization. New gadgets, insecure serialization (RCE through serialization) and custom gadgets found in the products codebase.

Talk: www.youtube.com/watch?v=_CJm...

White paper: github.com/thezdi/prese...

19.12.2024 11:39 👍 5 🔁 2 💬 0 📌 0
Zero Day Initiative — Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this...

[3/n] I've followed OffensiveCon talk with a series of 4 blog posts. The most interesting one describes a nice chain of 3 gadgets:
- Arbitrary File Write to drop DLL.
- Arbitrary File Read to leak DLL drop location.
- DLL load gadget.

www.zerodayinitiative.com/blog/2024/9/...

19.12.2024 11:37 👍 3 🔁 1 💬 0 📌 0
OffensiveCon24 - Piotr Bazydlo - Half Measures and Full Compromise (YouTube video by OffensiveCon)

[2/n] My OffensiveCon 2024 talk about Exchange PowerShell Remoting. It includes details concerning PowerShell Remoting deserialization and custom Exchange converters.

Several RCE chains included.

www.youtube.com/watch?v=AxNO...

19.12.2024 11:34 👍 3 🔁 2 💬 1 📌 0
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities ar...

[1/n] I want to kick off my profile here a little bit, thus I'll post several fun projects that I've made last year.

Let's kick off with SharePoint XXE blog, which could be abused due to URL parsing confusion between SharePoint and .NET components:
www.zerodayinitiative.com/blog/2024/5/...

19.12.2024 11:32 👍 4 🔁 2 💬 0 📌 0

I wrote a fun, little blog post. Remote pre-auth file deletion in SolarWinds ARM allowed to achieve LPE on AD machines 🙃

12.12.2024 18:03 👍 9 🔁 6 💬 1 📌 0

Picking old, breaking new.

29.11.2024 12:54 👍 1 🔁 0 💬 0 📌 0