Blog posts
Ambionics / Web Exploitation

Jupiter X Core Plugin <= 4.6.5 Remote Code Execution (CVE-2024-7772)

Thu 26 September 2024

A pre-authentication remote code execution vulnerability was found on Jupiter X Core Plugin <= 4.6.5 (CVE-2024-7772).

Read more
Malware Analysis

StealC Malware Analysis Part 3

Wed 04 September 2024

Retrieve C2 from a wild StealC sample using Binary Ninja API.

Read more
Malware Analysis

StealC Malware Analysis Part 2

Tue 03 September 2024

Retrieve C2 from unpacked loader (stage2) of a wild StealC sample and unpack stage 3 all with MIASM.

Read more
Malware Analysis

StealC Malware Analysis Part 1

Mon 02 September 2024

Unpacking the first stage of StealC packed by pkr_ce1a using MIASM

Read more
CTI

Writing a stealer logs parser

Mon 08 July 2024

This blog post introduces a tool that extracts stolen credentials from text files coming in varying formats in order to address CTI and Red Teaming needs.

Read more
Ambionics / Web Exploitation

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)

Mon 17 June 2024

In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.

Read more