Blog posts
CTI

World Leaks: An Extortion Platform

Tue 20 May 2025

This article provides an analysis of World Leaks, a new extortion platform that emerged in early 2025, detailing its origins, operational challenges, and collaborations with other threat actors.

Read more
Ambionics / Web Exploitation

Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)

Wed 12 March 2025

Exploitation of multiple vulnerabilities in GLPI to gain remote code execution from unauthenticated privileges.

Read more
CTI

The business of forged documents: Investigation into a complex network

Fri 28 February 2025

An OSINT investigation into the world of forged documents business

Read more
Ambionics / Tooling

Introducing lightyear, a new way to dump PHP files

Mon 04 November 2024

In this blog post, we describe new techniques to dump PHP files leveraging filters, and a tool that does it.

Read more
Ambionics / Web Exploitation

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)

Mon 30 September 2024

In this blog post, we will explore how we can exploit CNEXT, but blind, covering the cases where we have a file read primitive, but cannot get the output.

Read more
Ambionics / Web Exploitation

Jupiter X Core Plugin <= 4.7.5 Authentication Bypass (CVE-2024-7781)

Thu 26 September 2024

An authentication bypass vulnerability was found on Jupiter X Core Plugin <= 4.7.5 (CVE-2024-7781).

Read more