writeups.xyz / Privilege Escalation

Title Vulnerabilities Programs Authors
How Abusing AWS CloudFormation Led to a Total Takeover of an AWS Environment
ServiceNow Insecure Access Control To Full Admin Takeover
Unleashing the Cloud: A Journey into Hacking College Servers and Uncovering Security Vulnerabilities
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
Taking Over an Entire Organization - A Journey Through Multiple Bugs
Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service
GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure
Unintended Path to Exam Domination - AWS EC2 Meta-Data
Tampering with Conditional Access Policies Using Azure AD Graph API
CS:GO: From Zero to 0-day
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API
Hacking Chess.com: My Journey to Unlock Premium Bots on the Android App
What is kong & why we’re relying on it
Privilege Escalations through Integrations
Securing Databricks cluster init scripts
AWS Identity Center (formerly known as AWS SSO): A Guide to Privilege Escalation and Identity and Access Management
Stealing GitHub staff's access token via GitHub Actions
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
Vulnerability Spotlight: CVE-2023-0264
User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)
From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys
BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained
Hacking Admin Panel & Getting free subscription
High severity vulnerability fixed in WordPress Elementor Pro plugin.
Escalating Privileges with Azure Function Apps