Articles

• Boost Security Audit - Shielder » May 22, 2024
• Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers » Apr 18, 2024
• pgAdmin (<=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE) » Mar 8, 2024
• Hunting for Unauthenticated n-days in Asus Routers » Jan 30, 2024
• How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale » Sep 5, 2022
• Printing Fake Fiscal Receipts - An Italian Job p.2 » May 16, 2022
• Printing Fake Fiscal Receipts - An Italian Job p.1 » Apr 19, 2022
• A Sneak Peek into Smart Contracts Reversing and Emulation » Apr 5, 2022
• Reversing embedded device bootloader (U-Boot) - p.2 » Mar 21, 2022
• Reversing embedded device bootloader (U-Boot) - p.1 » Mar 8, 2022
• fdstealer - write into FDs from other PIDs » Jul 21, 2021
• QilingLab – Release » Jul 21, 2021
• etcshadow.pro: Impress your friends with your `/etc/shadow` knowledge! » Aug 2, 2020
• NotSoSmartConfig: broadcasting WiFi credentials … » Apr 20, 2020
• Don’t open that XML: XXE to RCE in XML plugins … » Oct 24, 2019
• Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack » Oct 19, 2019
• Gogsownz: Exploiting Gogs » Mar 23, 2019
• WebTech, identify technologies used on websites » Mar 8, 2019
• FridaLab – Writeup » Feb 4, 2019
• Cheatsheet - Flask & Jinja2 SSTI » Sep 3, 2018
• Padding Oracle attack against Telegram Passport » Aug 4, 2018
• KRACK talk @ ToHack » Oct 21, 2017
• Interesting CTF Challenge on the Zip File Format » Oct 13, 2017
• Why you should release your Crypto under GPL » Feb 8, 2016
• Intercepting Android traffic using Charles » Jan 28, 2016
• Intercepting Android traffic using OWASP ZAP » Jan 25, 2016
• Shellshock Update! » Sep 28, 2014
• Shellshock CVE-2014-6271 » Sep 26, 2014