Achieved POC for CVE-2020-36239 (Jira Datacenter RCE). Took a bit longer than I thought and there's probably an easier way but got it in the end 😅

Added a new blog post on how I developed a proof of concept exploit for the Jira DC RCE (CVE-2020-36239), including what I did wrong along the way :) dozer.nz/posts/CVE-2020…

Release day! Denis found some issues with ZeroTier that allow an attacker to gain access to private networks. Full advisory available at pulsesecurity.co.nz/advisories/Zer…

firzen.de/building-a-poc… My writeup for CVE-2021-40438. I tried to describe my process and the rationale behind publishing a PoC and explanation. Update your Apache and implement sensible filters folks. #infosec #hacking #CVE

Quick blog post on debugging Java apps in IntelliJ with decompiled source code. dozer.nz/posts/debuggin…

A side-project I've been working on recently. kazet.cc/2022/02/03/fuz…

Speaking at #DEFCON30 this year about some Aruba vulnerabilities forum.defcon.org/node/242208

Had a great time speaking at DEFCON, thanks to everyone that attended!

The video of my DEF CON talk about hacking Aruba Networks products is now available on YouTube: youtube.com/watch?v=kMgXtu… Thanks to DEF CON for a great experience! #DEFCON30

Dynamic analysis is awesome, and we use it to understand target systems and hunt for bugs. @0x446f49 has written up some tricks for debugging dotnet targets, inspired by dozer's write-up for similar techniques in Java. pulsesecurity.co.nz/articles/dotne…

FYI: The policy plugin in ROADtools now includes IP addresses for named locations - they was already being collected into the database but not displayed. Thanks Dirk-jan for merging my PR github.com/dirkjanm/ROADt…

Got #9 on the MSRC Azure Leaderboard for 2024Q1 ! (and #15 across all)

My latest CVEs: Straightforward preauth* RCE as well as a separate bug chain for preauth* -> RCE in Ivanti EPMM forums.ivanti.com/s/article/Secu… *config dependent Details soon!

Feeling seen rn