I recently spent some time exploring the potential capabilities that an evil IoT device might have within an AWS IoT Core environment. This culminated in the thoughts I've transcribed in this blog post, as well as a command-line tool to help with enumeration and data harvesting during security assessments of products that...
This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system.
Nginx, a versatile web server pivotal to numerous internet infrastructures, has held a dominant market share since its inception in 2004, with widespread adoption across websites and Docker containers. This article delves into the intricacies of Nginx, focusing on the location and alias directives that are central to how Nginx
8Base ransomware group has remained relatively unknown despite the massive spike in activity in Summer of 2023, learn more about their attack patterns.
"This is part 1 of a 2-part series on Android SELinux Internals where we will do a deep dive into the world of SELinux on Android and understand its inner workings, along with its functionalities and benefits. We'll discuss how SELinux provides security on Android devices and ways to bypass it."
"In this article, we will dive into the details of an open-redirect vulnerability discovered during the Pwn2Own 2022 event and how we exploited it on a Samsung S22 device. By breaking down the technical aspects and using code snippets, we aim to provide a comprehensive overview of this critical security flaw."
"This post dives into the Android permission system and how a solver was leveraged to find new vulnerabilities. With this approach, a privilege escalation was identified, which was fixed and assigned CVE-2023-20947 by Google."
Bushido Security | "This fuzzing introduction covers all the essentials one should know about the art of fuzzing. It explains major concepts and illustrates them with hands-on exercises the reader can follow."