Open in app

Sign In

Write

Sign In

Johnny Yu (@straight_blast)
Johnny Yu (@straight_blast)

204 Followers

Home

About

May 24, 2021

My RCE PoC walkthrough for (CVE-2021–21974) VMware ESXi OpenSLP heap-overflow vulnerability

Introduction During a recent engagement, I discovered a machine that is running VMware ESXi 6.7.0. Upon inspecting any known vulnerabilities associated with this version of the software, I identified it may be vulnerable to ESXi OpenSLP heap-overflow (CVE-2021–21974). Through googling, I found a blog post by Lucas Leong (@_wmliang_) of Trend…

Exploit Development

13 min read

My RCE PoC walkthrough for (CVE-2021–21974) VMware ESXi OpenSLP heap-overflow vulnerability
My RCE PoC walkthrough for (CVE-2021–21974) VMware ESXi OpenSLP heap-overflow vulnerability
Exploit Development

13 min read


Published in

Walmart Global Tech Blog

·Aug 5, 2020

Hacking Cisco SD-WAN vManage 19.2.2 — From CSRF to Remote Code Execution

Introduction Securing Fortune #1 is exciting, challenging and rewarding — all at the same time. Walmart’s global technology footprint consists of many tech implementations and provides security practitioners with unrivaled challenges and rewards. The Walmart Information Security team works collaboratively with supplier partners to continually enhance the security hygiene of products…

Hacking

18 min read

Hacking Cisco SD-WAN vManage 19.2.2 — From CSRF to Remote Code Execution
Hacking Cisco SD-WAN vManage 19.2.2 — From CSRF to Remote Code Execution
Hacking

18 min read


May 29, 2019

A Debugging Primer with CVE-2019–0708

By: @straight_blast ; straightblast426@gmail.com The purpose of this post is to share how one would use a debugger to identify the relevant code path that can trigger the crash. I hope this post will be educational to people that are excited to learning how to use debugger for vulnerability analysis. …

Programming

10 min read

A Debugging Primer with CVE-2019–0708
A Debugging Primer with CVE-2019–0708
Programming

10 min read


Jul 24, 2018

nc arkos.atredis.com 4444

The folks at Atredis (https://twitter.com/Atredis) recently posted a binary challenge to get the community pumped up for the upcoming Blackhat/Defcon events in Las Vegas. Poking Around I connected to the server (arkos.atredis.com:4444) and it displayed information that are useful to solving the challenge:

Reverse Engineering

30 min read

nc arkos.atredis.com 4444
nc arkos.atredis.com 4444
Reverse Engineering

30 min read


May 1, 2018

My PoC walk through for CVE-2018–6789

By: @straight_blast ; straightblast426@gmail.com Introduction On March 6, 2018, a security researcher named “meh” (will be referred to as author from now on) published a blog post[1] on the vulnerability CVE-2018–6789 that she identified in EXIM 4.89 and below. She gave detailed explanation on how to exploit the vulnerability, however no…

Programming

25 min read

My PoC walk through for CVE-2018–6789
My PoC walk through for CVE-2018–6789
Programming

25 min read

Johnny Yu (@straight_blast)

Johnny Yu (@straight_blast)

204 Followers

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams