• Unauthenticated remote code execution on BYOB via arbitrary file write (CVE-2024-45256) + command injection (CVE-2024-45257) Aug 15, 2024 - 6 min read
• Unauthenticated SSRF (CVE-2024-41570) on Havoc C2 teamserver via spoofed demon agent Jul 13, 2024 - 20 min read
• Remote code execution (CVE-2024-30850) on CHAOS RAT v5.01 web panel via spoofed agent callbacks (CVE-2024-31839) Apr 5, 2024 - 7 min read
• Remote code execution on NorthStar C2 agents via malicious agent registrations (CVE-2024-28741) Mar 11, 2024 - 11 min read