7 September 2022

Groovy Template Engine Exploitation – Notes from a real case scenario

Java web applications are far from […]

22 August 2022

Useless path traversals in Zyxel admin interface (CVE-2022-2030)

During our analysis of Zyxel’s device […]

26 July 2022

Zyxel authentication bypass patch analysis (CVE-2022-0342)

A few months ago, new firmware […]

7 June 2022

Multiple vulnerabilities in Zyxel zysh

“We live on a placid island […]

5 February 2022

New (and old) shellcode samples

“A vulnerability provides an assembly language […]

8 November 2021

Java Deserialization Scanner 0.7 is out!

Hi! I just released version 0.7 […]

25 October 2021

GitLab CE CVE-2021-22205 in the wild

A few months ago one of […]

5 October 2021

I’ve been published on Phrack!

It finally happened… After more than […]

27 September 2021

My last Solaris talk (not your average keynote)

It’s been a few days since […]

6 April 2021

The INFILTRATE effect: 6 bugs in 6 months

What better way to inaugurate our […]