The 401 That Fooled Me - N-Day Review of CVE-2025-49706 in SharePoint

On May 16, 2025, Khoa Dinh (@_l0gg) of Viettel Cyber Security demonstrated a single-request chain from authentication bypass to remote code execution (RCE) in Microsoft SharePoint at Pwn2Own Berlin...

Aug 19, 2025 SharePoint, Exploit Development, Application Security, Patch Diffing, Vulnerability Research, CVE-2025-49706, CVE-2025-49704

When Replicas Go Rogue - A Deep Dive into Cloudflared Replicas Exploitation Scenarios

I’ve been using Cloudflare tunnels for various applications for quite some time. Recently, I noticed a warning box that might have been there all along, but I had never paid attention to it before....

Dec 7, 2024 Cloudflare Security, Cloudflared, AiTM

Deploying CAPEv2 on AWS - A Comprehensive Guide

Introduction CAPEv2, an open-source automated malware analysis system, stands at the forefront of innovative solutions for dissecting and comprehensively understanding malware behavior. Developed...

Feb 25, 2024 Malware Analysis, CAPEv2, Cuckoo

Unauthenticated reconnaissance of AWS account IDs

Why Before diving deep into the methods of AWS account ID enumeration, it’s crucial to understand the importance of this seemingly innocuous piece of information. AWS itself states, “While account...

Oct 6, 2023 AWS Security, Reconnaissance

The 401 That Fooled Me - N-Day Review of CVE-2025-49706 in SharePoint

When Replicas Go Rogue - A Deep Dive into Cloudflared Replicas Exploitation Scenarios

Deploying CAPEv2 on AWS - A Comprehensive Guide

Unauthenticated reconnaissance of AWS account IDs

Trending Tags