Global bug bounty adoption accelerates, led by the U.S.
Bug bounty programs have evolved from a niche security tactic into a core component of modern defense strategies worldwide. In this blog, we focus on the US: one of the…
TL;DR We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s…
Over the holidays, I found some time to work on a small idea I had for a while. As a sometimes-Google Workspace admin with a…
SiteKiosk – Breakout It has been a while since my last blog post, therefore I am going to share two possible bypasses for the software…
/*UPDATE */ @irsdl brought two import links to my attention: 2010 formcalc: http://t.co/6OfGLa9Cu1 2013 XXE + SOP Bypass: http://t.co/VZMSVg3HtN It seems like Adobe knew about the SOP issue…
What is mhtml? For those who have never saved a complete web page in Internet Explorer, mhtml or its extensions .mht is most likely…
Intro Quite some time has passed since my last blog post, so I decided to present a nice feature of PDF. I will use a…
This blogpost describes how I got annoyed by vulnerabilities in 3rd party Windows applications, which allowed executing local files but without parameters. So I…
I have seen on twitter that there is use for another PDF callback Proof-of-Concept in Adobe Reader. Last year a PDF file called “BadPDF” was…
I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious…
“Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG,…
This is just a quick blogpost to document a behavior in the Blink engine in regards to the processing of SVG images in the context…