HackTheBox - Pilgrimage
Nov. 25, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
00:55 - Start of nmap
03:00 - Uploading an image file and trying to identify how the upload works
06:20 - Running Git-Dumper to download the exposed .git directory, taking a look at the source code
09:45 - Looking at the ImageMagick version (7.1.0-49) and seeing it is vulnerable to CVE-2022-44268
13:30 - Generating a malicious image and downloading the sqlite database
19:30 - Doing a PS and seeing inotifywait is being used to run a bash …