Erik Wynter

@[email protected]
184 Followers
133 Following
273 Posts
Making computers go boop instead of beep. Metasploit Contributor. Once-upon-a-time political scientist. No gods, no masters, no borders.🏴 He/Him/They/Them
Githubhttps://github.com/erikwynter
Mediumhttps://medium.com/@erik.wynter
Vimeohttps://vimeo.com/user179264435
Twitterhttps://mobile.twitter.com/WynterErik
Erik WynterDec 19, 2024
Brb, need to update my resume. Changing "wrote Fortran exploit for the lulz" to "crafted totally serious exploit in the 10th most popular programming language in the world". Sauce: https://www.tiobe.com/tiobe-index/
TIOBE Index - TIOBE

TIOBE
Erik WynterMar 27, 2024
So I did a thing...
Erik WynterJan 8, 2024
Nice
Erik WynterDec 20, 2023
Oh geez, they must think I'm far more experienced and knowledgeable than I actually am...
Erik WynterNov 7, 2023
Embarrassed I didn't know this, but TIL that most browsers used to let you perform HTTP basic authentication by specifying the creds in the URL, eg: "http://username:[email protected]". cURL still supports this:
Erik WynterOct 11, 2023
Some context for CVE-2023-22515 (critical Atlassian #Confluence vuln): Some 7.* versions do have the /server-info.action endpoint but are safe (like the official advisory says) The below video shows that both 7.13.7 and 8.5.0 have the endpoint but only the latter is exploitable.
Erik WynterSep 19, 2023
Why am I like this
Erik WynterSep 13, 2023
If you like indie rock, math rock and/or emo, check out Prawn - a totally slept on band that blends all those genres in incredibly creative ways.
Erik WynterSep 7, 2023
Hackerfrens, it is with a mixture of joy, pride, shame and confusion, that I present to you an exploit for OpenTSDB <= 2.4.1 (CVE-2023-36812) written in modern Fortran. Yes, Fortran. I used the http-client lib they added this year. Check it out here: https://github.com/ErikWynter/opentsdb_key_cmd_injection
GitHub - ErikWynter/opentsdb_key_cmd_injection: An exploit for OpenTSDB <= 2.4.1 cmd injection (CVE-2023-36812/CVE-2023-25826) written in Fortran

An exploit for OpenTSDB <= 2.4.1 cmd injection (CVE-2023-36812/CVE-2023-25826) written in Fortran - GitHub - ErikWynter/opentsdb_key_cmd_injection: An exploit for OpenTSDB <= 2.4.1 cmd inject...

GitHub
Erik WynterSep 3, 2023
TFW you're looking into an nday vuln and find a fully functional PoC among the unit tests.