Articles Archives - Page 2 of 3

27 February 2023

Abusing Maven’s pom.xml

Apache Maven is a well-known tool […]

21 December 2022

A journey into IoT – Unknown Chinese alarm – Part 4 – Internal communications

Disclaimer: as many other security researchers […]

7 September 2022

Groovy Template Engine Exploitation – Notes from a real case scenario

Java web applications are far from […]

22 August 2022

Useless path traversals in Zyxel admin interface (CVE-2022-2030)

During our analysis of Zyxel’s device […]

5 August 2022

A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications

Disclaimer: as many other security researchers […]

26 July 2022

Zyxel authentication bypass patch analysis (CVE-2022-0342)

A few months ago, new firmware […]

7 July 2022

Automating binary vulnerability discovery with Ghidra and Semgrep

“Humans are more suited to recognize […]

20 May 2022

A journey into IoT – Unknown Chinese alarm – Part 2 – Firmware dump and analysis

Disclaimer: as many other security researchers […]

3 May 2022

Zyxel firmware extraction and password analysis

Backstory During a red teaming exercise […]

11 April 2022

Semgrep ruleset for C/C++ vulnerability research

“The attack surface is the vulnerability. […]

22 March 2022

A journey into IoT – Unknown Chinese alarm – Part 1 – Discover components and ports

Disclaimer: as many other security researchers […]

3 March 2022

A journey into IoT – Chip identification, BUSSide, and I2C

Hi! Years ago ( 🙁 ) […]

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Abusing Maven’s pom.xml

A journey into IoT – Unknown Chinese alarm – Part 4 – Internal communications

Groovy Template Engine Exploitation – Notes from a real case scenario

Useless path traversals in Zyxel admin interface (CVE-2022-2030)

A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications

Zyxel authentication bypass patch analysis (CVE-2022-0342)

Automating binary vulnerability discovery with Ghidra and Semgrep

A journey into IoT – Unknown Chinese alarm – Part 2 – Firmware dump and analysis

Zyxel firmware extraction and password analysis

Semgrep ruleset for C/C++ vulnerability research

A journey into IoT – Unknown Chinese alarm – Part 1 – Discover components and ports

A journey into IoT – Chip identification, BUSSide, and I2C

Legal and Administrative

www.humanativaspa.it