Alexander Andersson

Posts by Alexander Andersson:

How the Kaseya VSA Zero Day Exploit Worked

This article describes the pre-auth remote code execution in Kaseya VSA Server that was exploited in the recent REvil ransomware campaign. This article clarifies some misconceptions and adds important details to the conversation.

06 Jul 2021 in Cyber Security

Bypassing modern XSS mitigations with code-reuse attacks

Cross-site Scripting (XSS) has been around for almost two decades, yet it is still one of the most common vulnerabilities on the web. Many second-line mechanisms have therefore evolved to mitigate the impact of the seemingly endless flow of new vulnerabilities. Quite often I meet the misconception that these second-line mechanisms can be relied upon […]

03 Apr 2020 in Cyber Security

From S3 bucket to Laravel unserialize RCE

Insecure deserialization is a common vulnerability (OWASP TOP10) that very often leads to arbitrary code execution. Today, I’m going to explain how to turn a seemingly harmless deserialization into code execution. This recently came in handy for me in a penetration test of a PHP/Laravel based application. Before we jump down the rabbit hole, I’ll […]

12 Feb 2020 in Cyber Security

Reverse shell through a node.js math parser

CVE-2020-6836: Recently, I performed a penetration test of a typical single-page application, exposing a static React web app and a REST API written in Node.js. This article details how I discovered and exploited a critical vulnerability (now known as CVE-2020-6836) that allowed unauthenticated arbitrary remote code execution. The API had an endpoint that was kind […]

17 Jan 2020 in Cyber Security