This is very clever: renaming the process to "a\rUid: 0\rGid: 0"! Absolutely kicking myself that I didn't think of that when I was working on an exploit for Apport a little while ago.

I Own your Cloud Shell... Taking over “Azure Cloud Shell” Kubernetes Cluster Through Unsecured Kubelet API hencohen10.medium.com/i-own-your-clo… [30,000$ Bug Bounty] via Chen Cohen

#CodeQL was also used by NASA JPL to find critical bugs on Curiosity mission 9 years ago and they were fixed remotely!

A short post to address an exploit chain I did in last year. Both slides and YouTube video are online now - A Journey Combining Web Hacking and Binary Exploitation in Real World! blog.orange.tw/2021/02/a-jour…

This is a career highlight and an incredible honor. Thank you so much!

JSON Interoperability vulnerabilities sound like they have some serious bug-bounty potential. Nice work once again by Jake Miller/Bishop Fox labs.bishopfox.com/tech-blog/an-e…

I used Radamsa to fuzz and find an inconsistency between 2 NodeJS URL parsers and bypass host whitelisting in Kibana webhooks. The impact was low here but the parser issue can probably cause some trouble in other Node code bases. Read more details 👇 blog.deesee.xyz/fuzzing/securi…

Istio vulnerability with an 8.2 CVSS. They're calling it a 0day. Also a lesson in JWT validation mistakes. > If a JWT token is presented with an issuer that does not match the issuer field specified in JwtProvider, then the request is mistakenly accepted groups.google.com/g/envoy-securi…

More great lessons on fuzzing from Antonio Morales! I am always excited when I see a new post in this series. Thank you for sharing!

Excited to share that I have just started a new position on the AppSec team @BrexHQ! Looking forward to being a part of their awesome team :)

Awesome to see sean finding some epic examples of h2c smuggling! Great work Assetnote team!

Great research by Michael Stepankin! Also, be sure to check out the labs and updates to content at portswigger.net/web-security/o…

Found another jndi bypass like 🟠's groovy bypass using org.yaml.snakeyaml.Yaml. Heres a controller for rouge-jdni to add it to your arsenal gist.github.com/TheGrandPew/74….

Check out our blog post on Context Aware Content Discovery blog.assetnote.io/2021/04/05/con… - we drop a tool (Kiterunner - github.com/assetnote/kite…) and some datasets. Hope you can find more endpoints through our work!

It seems that there is a lot confusion about the log4j JNDI injection vulnerability (CVE 2021-44228). In our latest blog post we provide additional background fundamentals about JNDI and JNDI exploitation (and a lot of links): mogwailabs.de/en/blog/2021/1…

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

Amazing work James Kettle! I’m just blown away with your creativity in finding new desync variants. I’m looking forward to trying it out in the labs.