The best place with open source exploits
When you are looking for a CVE exploit, you probably visit websites like NIST, CVE details, exploit-db or some GitHub repos. You will not always find the exploit there. Where can you search for it then? Let me show you on the...
Oauth security guide
Oauth is very common these days. There are a few nice bugs that can be introduced in that mechanism. That's why you should understand it and know common vulnerabilities. There's an excellent paper by Haboob that shows Oauth from the...
Gitlab RCE via metadata
Seeing many RCE payloads in the image metadata, I wondered what is required for those payloads to be triggered. Now I know - there's an awesome report on Hackerone from Gitlab, where it was possible to execute arbitrary commands via metadata in the image....
Single tasking vs multi tasking
Note: I describe what works for me and it might not work for you. Multi tasking sounds great! If we could do 2 things at once we could save loads of time, right? For me there are many things I can do at the same time, for example listening to a podcast and walking. I...