18 January 2023

Nothing new under the Sun – Discovering and exploiting a CDE bug chain

“What has been will be again, […]

21 December 2022

A journey into IoT – Unknown Chinese alarm – Part 4 – Internal communications

Disclaimer: as many other security researchers […]

22 November 2022

Burp Suite and Protobuf

Hi, Last year (I know, I’m […]

12 October 2022

Semgrep rules for Kotlin security assessment

Hi, I recently had the chance […]

7 September 2022

Groovy Template Engine Exploitation – Notes from a real case scenario

Java web applications are far from […]

22 August 2022

Useless path traversals in Zyxel admin interface (CVE-2022-2030)

During our analysis of Zyxel’s device […]

5 August 2022

A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications

Disclaimer: as many other security researchers […]

26 July 2022

Zyxel authentication bypass patch analysis (CVE-2022-0342)

A few months ago, new firmware […]

7 July 2022

Automating binary vulnerability discovery with Ghidra and Semgrep

“Humans are more suited to recognize […]

22 June 2022

Semgrep rules for PHP security assessment

Hi! According to the official documentation, Semgrep […]

7 June 2022

Multiple vulnerabilities in Zyxel zysh

“We live on a placid island […]

20 May 2022

A journey into IoT – Unknown Chinese alarm – Part 2 – Firmware dump and analysis

Disclaimer: as many other security researchers […]