bl4sty released a fantastically extendable exploit for the CVE-2023-4911 vulnerability. The exploit code is nice and easy to understand, but after someone asked, I figured it was worth actually documenting how you add

Just a quick post, I was reading this excellent blogpost showing a way to exploit sudo access to logrotate, and had a quick notion in my head that clobbering /etc/ld.so.preload

Yesterday, Moxa published an advisory regarding multiple vulnerabilities in their MXSecurity product. Among the issues fixed in the updates the advisory talks about, is a vulnerability I discovered - CVE-2023-39982. First, before I

Note: this is the "main" blogpost for the talk I am giving at BSides Basingstoke 2023. It spawned a dozen or so other blog posts, some of which have yet to

Editors Note: This post spawned the related "You should be using PSC" and related PSC posts, stuff got out of order in the scheduling process as the SPAxxx Exploitation project developed.