18 January 2023
Nothing new under the Sun – Discovering and exploiting a CDE bug chain
“What has been will be again, […]
21 December 2022
A journey into IoT – Unknown Chinese alarm – Part 4 – Internal communications
Disclaimer: as many other security researchers […]
22 November 2022
Burp Suite and Protobuf
Hi, Last year (I know, I’m […]
12 October 2022
Semgrep rules for Kotlin security assessment
Hi, I recently had the chance […]
7 September 2022
Groovy Template Engine Exploitation – Notes from a real case scenario
Java web applications are far from […]
22 August 2022
Useless path traversals in Zyxel admin interface (CVE-2022-2030)
During our analysis of Zyxel’s device […]
5 August 2022
A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications
Disclaimer: as many other security researchers […]
26 July 2022
Zyxel authentication bypass patch analysis (CVE-2022-0342)
A few months ago, new firmware […]
7 July 2022
Automating binary vulnerability discovery with Ghidra and Semgrep
“Humans are more suited to recognize […]
22 June 2022
Semgrep rules for PHP security assessment
Hi! According to the official documentation, Semgrep […]
7 June 2022
Multiple vulnerabilities in Zyxel zysh
“We live on a placid island […]
20 May 2022
A journey into IoT – Unknown Chinese alarm – Part 2 – Firmware dump and analysis
Disclaimer: as many other security researchers […]