27 February 2023
Abusing Maven’s pom.xml
Apache Maven is a well-known tool […]
18 January 2023
Nothing new under the Sun – Discovering and exploiting a CDE bug chain
“What has been will be again, […]
7 September 2022
Groovy Template Engine Exploitation – Notes from a real case scenario
Java web applications are far from […]
22 August 2022
Useless path traversals in Zyxel admin interface (CVE-2022-2030)
During our analysis of Zyxel’s device […]
26 July 2022
Zyxel authentication bypass patch analysis (CVE-2022-0342)
A few months ago, new firmware […]
7 June 2022
Multiple vulnerabilities in Zyxel zysh
“We live on a placid island […]
5 February 2022
New (and old) shellcode samples
“A vulnerability provides an assembly language […]
8 November 2021
Java Deserialization Scanner 0.7 is out!
Hi! I just released version 0.7 […]
25 October 2021
GitLab CE CVE-2021-22205 in the wild
A few months ago one of […]
5 October 2021
I’ve been published on Phrack!
It finally happened… After more than […]
27 September 2021
My last Solaris talk (not your average keynote)
It’s been a few days since […]
6 April 2021
The INFILTRATE effect: 6 bugs in 6 months
What better way to inaugurate our […]