pmort (@0x0pmort) 's Twitter Profile
pmort

@0x0pmort

I tend to break things. Engineering @assetnote. Ex @bishopfox

ID: 2445161714

https://assetnote.io

15-04-2014 09:11:49

209 Tweet

315 Followers

1,1K Following

shubs (@infosec_au) 's Twitter Profile Photo

We've published a blog post on how the security research team at Assetnote discovered a pre-authentication RCE vulnerability in Sitecore: blog.assetnote.io/2021/11/02/sit… If you're running Sitecore, please read the remediation details and patch ASAP.

shubs (@infosec_au) 's Twitter Profile Photo

The Assetnote security research team discovered a full-read SSRF vulnerability in Jamf Pro (post-authentication) a few months ago. blog.assetnote.io/2021/11/30/jam… (CVE-2021-39303 & CVE-2021-40809). Tracing sinks to sources is always a valid strategy.

Assetnote (@assetnote) 's Twitter Profile Photo

Our security research team discovered a full-read SSRF vulnerability in Jamf Pro. We have published an advisory on this issue here: blog.assetnote.io/2021/11/30/adv… and you can read about the discovery process here: blog.assetnote.io/2021/11/30/jam…

shubs (@infosec_au) 's Twitter Profile Photo

We're looking for a Dev Ops Engineer at Assetnote. At Assetnote we monitor millions of assets on a continuous basis for security exposures. This comes with unique and interesting scaling problems. apply.workable.com/assetnote/j/0E…

Assetnote (@assetnote) 's Twitter Profile Photo

Our team discovered a pre-authentication full read SSRF in VMWare Workspace One UEM (AirWatch). If you’re a customer of Assetnote, we have been scanning for this issue for months. The advisory was released recently, please patch. vmware.com/security/advis…

shubs (@infosec_au) 's Twitter Profile Photo

A few months ago, we discovered a post-auth SSRF in VMWare Workspace One Access - CVE-2021-22056 - which allowed you to steal an admin JWT via CSRF or request arbitrary URLs. Check out our blog post! blog.assetnote.io/2022/01/17/wor…

Assetnote (@assetnote) 's Twitter Profile Photo

Our security research team discovered an SSRF vulnerability in VMWare Workspace One Access. You can read about the issue on our blog. blog.assetnote.io/2022/01/17/wor… If you're running this software on your attack surface, please remediate the issue by updating Workspace One Access.

shubs (@infosec_au) 's Twitter Profile Photo

If you're interested in the application security research we have done over the last few years, check out our blog post blog.assetnote.io - and if you're interested in the security research role, please apply! apply.workable.com/assetnote/j/F1…

shubs (@infosec_au) 's Twitter Profile Photo

We've released a new blog post and a tool called Ghostbuster which eliminates dangling elastic IPs by performing analysis on your resources within all your AWS accounts. You can read about this here: blog.assetnote.io/2022/02/13/dan…

shubs (@infosec_au) 's Twitter Profile Photo

I'll be speaking about "Finding 0days in Enterprise Web Applications" at Nahamcon 2022. The presentation is about how I found 0days in Websphere, Solarwinds WHD, Sitecore Experience Platform and VMWare Workspace One UEM (AirWatch). #NahamCon2022

Assetnote (@assetnote) 's Twitter Profile Photo

Last year we discovered some critical vulnerabilities in VMWare Workspace One UEM (CVE-2021-22054). You can read about our security team's research here: blog.assetnote.io/2022/04/27/vmw…

sean (@seanyeoh) 's Twitter Profile Photo

We've released a new blog post with the full detail @devec0 and I alluded to on our #NahamCon2022 talk on hacking CI systems. Join us on an epic 3-part adventure through Cloudflare's Pages system - from command injection to container escape to compromise blog.assetnote.io/2022/05/06/clo…

Assetnote (@assetnote) 's Twitter Profile Photo

We've released a new blog post with the full details from sean and @devec0's #NahamCon2022 talk on hacking CI systems. Join us on an epic 3-part adventure through Cloudflare's Pages system - from command injection to container escape to compromise: blog.assetnote.io/2022/05/06/clo…

Alex Blechman (@alexblechman) 's Twitter Profile Photo

Programming is chaotic magic. There are no rules. You ask a game dev “Can the player summon a giant demon that bursts from the ground in an explosion of lava?” and they’ll say “sure, that’s easy” and then you’ll ask “can the player wear a scarf?” and they’ll go “oof”

Chainlink (@chainlink) 's Twitter Profile Photo

In front of a packed house during EthCC, kemal el moujahid announced the launch of #CCIP, expanding Chainlink’s industry-standard Web3 platform to cross-chain communication. Watch this monumental moment in Chainlink history 📺👇

pmort (@0x0pmort) 's Twitter Profile Photo

Having the opportunity to work for Michael Gianarakis and shubs as their first hire over the last ~6.5 years has been an incredible privilege—their dedication and vision for Attack Surface Management have been truly inspiring. I’m so proud of everything they’ve built. The amount