PinnedSecuring PDF Generators Against SSRF VulnerabilitiesSecuring WeasyPrint and wkhtmltopdf against SSRFMay 29, 20233May 29, 20233
AWS CAPTCHA and reCAPTCHA EnterpriseRecently, I was asked to compare AWS CAPTCHA and reCAPTCHA Enterprise, particularly in terms of their implementation. In this post, I’ll…Sep 16Sep 16
Alerting on file changes with GitHub ActionsAppSec engineers often need to monitor file changes in repositories to ensure early detection of vulnerabilities or threats.Apr 161Apr 161
SameSite and SubdomainsThe SameSite cookie attribute is a security measure designed to mitigate certain types of cross-site request forgery (CSRF) attacks.Mar 42Mar 42
Searching for Secrets Across GitHubA few weeks back I read this blog post by Lasso Security and it got me thinking about how easy it is to search for leaked secrets across…Feb 12Feb 12
Taking over WhatsApp accounts by reading voicemailsWhen designing authentication systems, it’s common practice to implement backup mechanisms so users can easily regain access to their…Jan 191Jan 191
Exploiting Parameter Pollution in Golang Web AppsAuthorization Vulnerabilities in Concourse CIFeb 22, 2023Feb 22, 2023
Published inIndependent Security EvaluatorsA Hacker’s Perspective on Faulty Threat Models for Blockchain AssetsThe code might be mistake free, but that doesn’t mean an attacker can’t find security weaknesses in the system’s design.Apr 22, 2019Apr 22, 2019
Published inIndependent Security EvaluatorsHow we turn your Buffalo NAS into our SoldierHow we found unauthenticated OS command injection in the Buffalo TeraStation TS5600D1206Nov 21, 2018Nov 21, 2018
Published inIndependent Security EvaluatorsCritical vulnerabilities Identified in Buffalo TeraStation TS5600D1206 NAS [CVE Disclosure]ISE Labs awarded 7 CVEs for research performed on enterprise NAS device.Nov 8, 2018Nov 8, 2018