| Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length |
|
|
|
| Skype for Business Audit Part 2 - SKYPErimeterleak |
|
|
|
| New Attack Paths? AS Requested Service Tickets |
|
|
|
| Microsoft Windows Shift F10 Bypass and Autopilot privilge escalation |
|
|
|
| Skype for Business Audit Part 1 - SKYPErsistence |
|
|
|
| How an Akamai misconfiguration earned us USD 46.000 |
|
|
|
| Undermining Microsoft Teams Security by Mining Tokens |
|
|
|
| New technique 403 bypass lyncdiscover.microsoft.com |
|
|
|
| CVE-2022-34715: More Microsoft Windows NFS V4 Remote Code Execution |
|
|
|
| Quasar: Compromising Electron Apps |
|
|
|
| Azure Synapse: Local Privilege Escalation Vulnerability in Spark |
|
|
|
| “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs |
|
|
|
| Break Me Out Of Sandbox In Old Pipe - CVE-2022-22715 Windows Dirty Pipe |
|
|
|
| Securing Developer Tools: Argument Injection in Visual Studio Code |
|
|
|
| Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! |
|
|
|
| Outlook CVE-2022-35742 |
|
|
|
| You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications |
|
|
|
| CVE-2022-30211: Windows L2TP VPN Memory Leak and Use after Free Vulnerability |
|
|
|
| CVE-2022-30216 - Authentication coercion of the Windows “Server” service |
|
|
|
| The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors |
|
|
|
| Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI |
|
|
|
| Reading Message from Microsoft’s Private Yammer Group |
|
|
|
| Deep understand ASPX file handling and some related attack vectors |
|
|
|
| Logging Passwords in Plaintext in Azure Arc |
|
|
|
| SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE |
|
|
|
writeups.xyz
/
Microsoft