MeshCentral: From XSS to RCE
https://t.co/yMB3cPCV9J
With all the hype around Mythos, here is a quick showcase of how existing models can already be used to find vulnerabilities.
In this example, I use Claude Code to find an XSS in MeshCentral RMM that we can then turn into an RCE
Knowing what vulnerabilities are real and which ones are hype is always a challenge CVSS doesn't reflect the real impact. What really matters is if its being actively exploited and if its easy to weaponize with existing POCs or technical writeups.
To help cut through the Hype I created https://t.co/GRozRBG6Dr
Monitors X and Bluesky for social engagement. Then enriches with NVD, CISA KEV and searches for research articles and POCs. Once it has all that it does a sentiment analysis with Claude to give an overall score that will change over time.
Full transparency: @claudeai was also used to help build this
YellowKey is a bit hit or miss with key presses and you may have to format and reset the files on the USB between attempts but it works.
Once you get the cmd prompt use diskpart to mount the volume and you are in.
Tested on Ver 10.0.26100.1 with bitlocker TPM only no pin or password
Normally I use patch_review.py for my monthly reporting on patch Tuesday patches. @KevTheHermit did an amazing job with it.
But since I'm more of a PowerShell guy, I finally came around and moved the codebase to ps1.
If you like #PowerShell feel free:
https://t.co/nzJ0eP2ayC
Sometimes the stars align and you can push out something really fast.
Proxmark3 client now supports sharing json dumpfiles.
Working together with KevTheHermit and his https://t.co/TsYuaorHv2 , it also support MQTT
#bleedingedge
Show your love!!!!
@HagenSchendel Agreed these devices showed their age with organic development on top of old code from a time where the focus was on "it works" rather than "it's secure"
Having been on an embedded devices bug hunting kick recently this was some fun research. 4 Months, 5 CVEs and a CISA advisory later patches are out
https://t.co/x6rbzGtd0o
Workshop at #teissLondon2025 🚨
How would you handle a cyber crisis under pressure? At teissLondon2025, join Kevin Breen, Senior Director of Cyber Threat Research at Immersive Labs, for an interactive workshop that puts your decision-making to the test.
Be there!
@wordfence Can you confirm this is vulnerable on the Free version. I am seeing a 500 type error on the free version that is "fixed" in the pro. They appear to have a different code base.
Managed to replicate the #RCE against the @EmpireC2Project Pretty easy to find, there are a couple of caveats to solve mine is one shot and requires Empire Server restart.