Category: Vulnerability Disclosure

Using URI to pop shells via Discord Client

Introduction  Myself and a group of researchers: Styx, CyberSecStu, and 5w0rdFish from The Many Hats Club discovered a vulnerability within the Discord client that enabled an attacker to call local programs on a target system. We then took this flaw and used it to pivot through MS-Word macros to start a reverse TCP shell automatically…
Read more


14th December 2018 0

Global Aviation Cyber Security Issue – AirFASE Write Up

Global Aviation Cyber Security Issue – AirFASE Write Up A small group of security researchers formed of Kizzzzurt (@Infosec_Pom), CyberSecStu (@CyberSecStu) and myself discovered 32 AirFASE devices connected to the public internet via port 8080 over HTTP. The initial discovery was made by Kizzzzurt in early June. We worked in attributing the AirFASE devices to…
Read more


20th July 2018 0