./dumpco.re
magnusstubman
certifications
OSCE
OSCP
blog
2020-12-06 User-mode API hooks and bypasses: dumpco.re/blog/user-mode-api-hooks-and-bypasses
2020-10-27 Mimikatz under the hood: dumpco.re/blog/mimikatz-under-the-hood
2020-10-27 Another alternative to LSASS dumping: dumpco.re/blog/another-alternative-to-lsass-dumping
2020-10-14 Alternative to LSASS dumping: dumpco.re/blog/alternative-to-lsass-dumping
2020-07-02 Low-tech EDR bypass: dumpco.re/blog/low-tech-edr-bypass
2019-07-01 ASREQRoast - From MITM to hash: dumpco.re/blog/asreqroast
2019-01-15 ntpsec bugs: dumpco.re/blog/ntpsec-bugs
2018-11-11 OOB read in ntpd - writeup on an old bug: dumpco.re/blog/cve-2018-7182
2018-11-07 More bugs in openslp-2.0.0: dumpco.re/blog/more-bugs-in-openslp-2.0.0
2018-10-08 Remote DoS in net-snmp: dumpco.re/blog/net-snmp-5.7.3-remote-dos
2018-06-28 Double-free in openslp: dumpco.re/blog/openslp-2.0.0-double-free
2018-02-05 XSS in instagram-feed: dumpco.re/blog/xss-instagram-feed
2018-01-25 RCE via XSS in WordPress: dumpco.re/blog/xss2rce
2018-01-24 Finding insecure realloc() usage: dumpco.re/blog/bad-realloc
2017-09-05 Analysing nmap results: dumpco.re/blog/nmapoutputbrowser
2016-11-21 Remote NULL pointer dereference in ntpd: dumpco.re/blog/cve-2016-7434
bugs
CVE-2019-12241 Unauthenticated Insecure Deserialization in WordPress plugin 'carts-guru' v1.4.5: dumpco.re/bugs/wp-plugin-carts-guru-id
CVE-2019-12240 Unauthenticated Insecure Deserialization in WordPress plugin 'virim' v0.4: dumpco.re/bugs/wp-plugin-virim-id
CVE-2019-12239 Authed SQLi & CSRF in WordPress plugin 'wp-booking-system' v1.5.1: dumpco.re/bugs/wp-plugin-wp-booking-system-sqli
CVE-2019-11565 Unauthenticated SSRF in WordPress plugin 'print my blog' v1.6.5: dumpco.re/bugs/wp-plugin-print-my-blog-ssrf
CVE-2019-8936 Authenticated NULL pointer dereference ntp 4.2.8p12: dumpco.re/bugs/cve-2019-8936
CVE-2019-6442 Authenticated out-of-bounds write ntpsec 1.1.2: dumpco.re/bugs/ntpsec-authed-oobwrite
CVE-2019-6445 Authenticated NULL pointer dereference ntpsec 1.1.2: dumpco.re/bugs/ntpsec-authed-npe
CVE-2019-6444 Out-of-bounds read ntpsec 1.1.2: dumpco.re/bugs/ntpsec-oobread2
CVE-2019-6443 Out-of-bounds read ntpsec 1.1.2: dumpco.re/bugs/ntpsec-oobread1
CVE-2018-7420 Excessive memory allocation Wireshark git#28960d7: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
Division by zero Wireshark git#28960d7: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14402
CVE-2017-17833 Double free openslp 2.0.0: dumpco.re/blog/openslp-2.0.0-double-free
XSS instagram-feed 1.5.1: dumpco.re/blog/xss-instagram-feed
Out-of-bounds read openslp 2.0.0: dumpco.re/blog/more-bugs-in-openslp-2.0.0
CVE-2016-7567 Out-of-bounds read+write openslp 2.0.0: dumpco.re/blog/more-bugs-in-openslp-2.0.0
CVE-2018-18065 NULL pointer dereference net-snmp 5.7.3: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
CVE-2018-18066 NULL pointer dereference net-snmp 5.7.3: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
CVE-2018-7182 Out-of-bounds read ntp 4.2.8p10: dumpco.re/blog/cve-2018-7182
CVE-2016-7343 NULL pointer dereference ntp 4.2.8p8: dumpco.re/blog/cve-2016-7434
Out-of-bounds read Wireshark 1.12.6: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389
exploits
CVE-2019-8936 ntp 4.2.8p12 remote authenticated DoS: dumpco.re/exploits/cve-2019-8936.py
CVE-2019-6442 ntpsec 1.1.2 remote authenticated OOB write PoC: https://www.exploit-db.com/exploits/46178
CVE-2019-6445 ntpsec 1.1.2 remote authenticated DoS: https://www.exploit-db.com/exploits/46177
CVE-2019-6444 ntpsec 1.1.2 remote pre-auth OOB read PoC: https://www.exploit-db.com/exploits/46176
CVE-2019-6443 ntpsec 1.1.2 remote pre-auth OOB read PoC: https://www.exploit-db.com/exploits/46175
CVE-2018-7182 ntp 4.2.8p6-10 remote pre-auth OOB read PoC: https://www.exploit-db.com/exploits/45846
CVE-2016-7567 slpd 2.0.0 remote pre-auth DoS: dumpco.re/exploits/cve-2016-7567.py
CVE-2015-5621 snmpd 5.7.3 remote pre-auth DoS: https://www.exploit-db.com/exploits/45544
CVE-2018-18065 snmpd 5.7.3 remote post-auth DoS: https://www.exploit-db.com/exploits/45547
CVE-2018-12938 slpd 2.0.0 double-free DoS: https://www.exploit-db.com/exploits/44972
CVE-2016-7343 ntp 4.2.8p8 remote pre-auth DoS: https://exploit-db.com/exploits/40806
CVE-2015-7855 ntp 4.2.8p3 remote pre-auth DoS: https://exploit-db.com/exploits/40840
presentations
An Evening of War Stories - Phishing Payload Case Study: https://youtu.be/Bn9ZpyKyBXU
Discount Phish Burn Better: https://youtu.be/PanCPSpU2UQ?t=180 slides: dumpco.re/slides/phishing
User-mode API hooks & Bypasses: https://youtu.be/PanCPSpU2UQ?t=2352 slides: dumpco.re/slides/api-hooks
Man-in-the-Middle: dumpco.re/slides/mitm
(Danish) 4 attacks and 4 solutions everyone should know about: vimeo.com/462588646
Dev Show: Secure Development Lifecycle: https://www.youtube.com/watch?v=cJgNN1rUMTE
BsidesKBH 2019: Fuzzing: How to throw smart (dumb?) CPU cycles at hard problems: https://vimeo.com/382887342 slides: dumpco.re/fuzz
afl-fuzz introduction slides: dumpco.re/afl
mentions
2021-09-03 https://issuu.com/prosabladet/docs/81928_prosa_9-2021_web
2021-04-12 https://www.version2.dk/artikel/lyt-med-saadan-lyder-naar-scammer-forsoeger-at-hacke-version2-2021-1092428
2021-03-26 https://www.version2.dk/artikel/kaempehacks-saetter-klassisk-it-sikkerhed-skakmat-ideen-mur-holder-ikke-1092360
2021-03-15 https://www.version2.dk/artikel/stilheden-foer-exchange-stormen-vi-forventer-at-danske-virksomheder-bliver-angrebet-inden
2020-06-12 https://www.version2.dk/artikel/idiotisk-telefonsystem-derfor-kan-enhver-staa-bag-smsen-din-mor-eller-chef-1090770
2020-03-27 https://www.version2.dk/artikel/mens-vi-shopper-loes-hjemmefra-kaemper-web-butikker-med-it-sikkerheden-1090309
2019-11-24 https://aflyttet.dk/aflyttet-reloading-special-udsendelse-fra-bsides-cph/ (at approximately the 20-minute mark)
2019-08-30 https://www.dr.dk/nyheder/viden/teknologi/populaer-app-var-fyldt-med-ondsindet-kode-100-millioner-android-brugere-kan
2019-05-07 https://cmljnelson.wordpress.com/2019/05/07/print-my-blog-plugin-transparency-report-french-ssrf-fix-improved-json-parsing/
2019-05-01 https://www.version2.dk/artikel/sikkerhedsraadgiver-god-kasse-intet-vaerd-hvis-du-har-standardpassword-1087996
2019-04-06 https://www.dr.dk/nyheder/viden/teknologi/italiensk-politi-overvaager-tusindvis-af-smartphones-ved-en-fejl
2016-11-24 http://securityaffairs.co/wordpress/53732/hacking/cve-2016-9311-ntp-exploit.html
2016-11-23 http://thehackernews.com/2016/11/ntp-server-vulnerability.html
2016-11-22 https://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/
2016-11-22 https://www.securityweek.com/several-dos-vulnerabilities-patched-ntp
2016-11-21 http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
misc
Database leaks/dumps: dumpco.re/lab/database-leaks