Jeremy Saldate 

@[email protected]
152 Followers
501 Following
81 Posts

Dad. Husband. Akamai. @harmoniumllc
for research work.

AI. Food. Coffee. Bourbon. Sarcasm / dark humor. Certs prep.

All opinions are my own.

Show threadJeremy Saldate Sep 29, 2023
@jerry Fireball paired with a good hard apple cider is <<chef's kiss>>
Show threadJeremy Saldate Sep 26, 2023
I'm happy to announce that I've accepted a new role at Akamai, as a Sr. Security Architect!
Jeremy Saldate Sep 26, 2023
I've made some great accomplishments while at EHI, and of course there's plenty of work that remains, but, it's time for me to move on.
Jeremy Saldate Jul 20, 2023
This is outstanding work.
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Jeremy Saldate Jul 20, 2023
My deepest condolences and sympathy goes out to the family and friends of Mr. Kevin Mitnick.
Jeremy Saldate Jul 20, 2023
Twitter is all but useless for me at this point.
Show threadJeremy Saldate Feb 21, 2023

@oj

I was thinking something like:

% wget 'http://127.0.0.1/[insert filename here]'

...but when you said above that you weren't interested in what commands I might run, I decided not to demonstrate syntax.

In the meantime, someone else already posted similar solutions.

Jeremy Saldate Feb 21, 2023

Since the topic of SMS TFA has arisen on the bird site, does this seem like a problem for anyone else, if you've opted for app-based or key-based TFA?

I mean, it would be nice to be able to get account notifications via text, but I don't want to introduce an SMS vulnerability just to be able to receive those notifications.

I see similar preferences presented in many companies' threat models, and considering what seems like common knowledge within the infosec community, I have to wonder why this is still a discussion. If a better TFA option has been chosen, why not use it first?

Show threadJeremy Saldate Dec 21, 2022
@oj It seems like this was answered. file_exists tests for the existence of the file. shell_exec, then executes that file at the system level. If you are allowed to control the target binary by remotely hosting it, then you can craft anything you desire, while requiring no arguments.
Show threadJeremy Saldate Dec 21, 2022

@oj
Ahh, you're gonna make me dust it off. LOL... OK.

1. Attempt to determine OS from banners.
2. Determine valid path and most-likely binary available in target OS to establish command exec. Or host a binary matching your target OS on the attacking machine.
3. Select and execute the chosen binary with no parameters/args.

Remote Code Execution would probably be preferable, to grant you further control over the target binary.

Does this answer your question?