New blog post and tool: Cracking the Odd Case of Randomness in Java, by joseph elttam.com/blog/cracking-…

हर हर महादेव !! 🙏🙏 महा शिवरात्रि की हार्दिक शुभकामनाएं। #महाशिवरात्रि

Some AppSeccy thoughts on the rule writing experience for CodeQL vs Semgrep spaceraccoon.dev/comparing-rule…

Last year, JS0N Haddix, brendan, sean and I found a pre-auth RCE in Oracle Opera - CVE-2023-21932. This product holds the PII of every guest (including credit cards 😱). It's used by almost all of the big hotel/resort chains around the world. blog.assetnote.io/2023/04/30/rce… - 1/4

For a few months, Sam Curry, Brett Buerhaus, rhys and I focused on hacking EPP servers / ccTLD zones. We're disclosing our work today on the hackcompute blog: hackcompute.com/hacking-epp-se… Our efforts in this space led to the ability to control the DNS zones of the following

Chrome has just unleashed popovers: modal dialogs without JS! Of course you can abuse them for XSS filter evasion: portswigger.net/web-security/c…

The impact achieved here is neat: labs.hakaioffsec.com/nginx-alias-tr… - I remember first reading about this from Frans Rosén - blog.detectify.com/2020/11/10/com…

New writeup on some interesting web app tech. Enjoy! #bugbounty bountyplz.xyz/bugbounty/2023…

I have finally done my first proper bug write-up! This one is about a SOP bypass in Chrome (escalated to ATO) using the Navigation API. Hope someone finds it interesting. Feel free to leave me any comments; I want to improve on this! joaxcar.com/blog/2023/10/0…

My first blog post! It's about CVE-2023-4369, a $10,000 bug I found in ChromeOS in July. The bug used a chrome:// URL XSS to allow Chrome extensions to execute privileged code and read/edit downloaded files without user interaction. 👀 0x44.xyz/blog/cve-2023-…

I just published a write-up about an account takeover where I abused reverse proxy to hijack the OAuth Code. blog.voorivex.team/hijacking-oaut…

🎉 Big congrats to Harsh Jaiswal & Rahul Maini for their incredible research on hacking into Apple using a 0-day in Lucee CMS! 🍎🔥 Check out their detailed blog post to learn more about their findings and methodology: blog.projectdiscovery.io/hello-lucee-le… #AppleHack #Lucee #0Day

Our security researcher hashkitten found one of the most critical exploit chains in the history of Assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code, access all data without authentication. You can read our blog here: assetnote.io/resources/rese…

When researching request smuggling, I decided that TE.0 would never be exploitable because it requires the back-end server to accept a HTTP request starting with a number + newline.... and no server would be that crazy 🤦‍♂️ Awesome work! Never under-estimate the crazy.

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

Mario Draghi’s critique is accurate. A thorough review of EU regulations to eliminate unnecessary rules and streamline activity in Europe would revitalize growth and strengthen competitiveness. Things should be default legal, rather than default illegal.

How can this be called a “continuing resolution” if it includes a 40% pay increase for Congress?

my daily ritual starts with this youtube.com/watch?v=1S1fIS…

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵

Is the left really just a giant kleptocracy? The evidence increasingly suggests it is.