Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144)
Exploiting Markdown Syntax Markdown is wonderful. In fact, this blog post itself is written in Markdown. I don’t need to...
Read more →News Archive
View All →
Abusing URL Shortners to discover sensitive resources or assets
September 23 2015 · websec bruteforce As of late, a fair few companies and startups have been using dedicated URL...
Read more →
Measure Your AI Risk Preparedness with This Interactive Self-Assessment Tool
Effectively managing these risks requires human expertise and strategic oversight. That’s where the AI Risk Readiness Self-Assessment Tool comes in —...
Read more →
Using ngrok to proxy internal servers in restrictive environments
When gaining shell access to a machine on a network, a promising attack vector is to check the internal network...
Read more →
Gaining access to Uber’s user data through AMPScript evaluation
Modern development and infrastructure management practices are fast paced and constantly evolving. In the race to innovate and expand, new...
Read more →
European Council Adopts Cyber Resilience Act
The CRA will be a game-changing regulation for software and connected product security. The CRA imposes cybersecurity requirements for manufacturers...
Read more →
Discovering a zero day and getting code execution on Mozilla’s AWS Network
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest....
Read more →
How To Use HackerOne’s Global Vulnerability Policy Map
To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability...
Read more →
Finding Hidden Files and Folders on IIS using BigQuery
Motivations I recently made a video on how to find hidden files and folders on IIS through the use of...
Read more →
Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen
The file upload vulnerability type is as broad in scope as the number of different file types. These vulnerabilities are...
Read more →
Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. VMware...
Read more →
Change Healthcare data breach exposed the private data of over half the U.S.
Change Healthcare data breach exposed the private data of over half the U.S. Pierluigi Paganini January 26, 2025 The Change...
Read more →