Pinned: Securing PDF Generators Against SSRF Vulnerabilities. Securing WeasyPrint and wkhtmltopdf against SSRF. (May 29, 2023)
AWS CAPTCHA and reCAPTCHA Enterprise. Recently, I was asked to compare AWS CAPTCHA and reCAPTCHA Enterprise, particularly in terms of their implementation. In this post, I’ll… (Sep 16, 2024)
Alerting on file changes with GitHub Actions. AppSec engineers often need to monitor file changes in repositories to ensure early detection of vulnerabilities or threats. (Apr 16, 2024)
SameSite and Subdomains. The SameSite cookie attribute is a security measure designed to mitigate certain types of cross-site request forgery (CSRF) attacks. (Mar 4, 2024)
Searching for Secrets Across GitHub. A few weeks back I read this blog post by Lasso Security and it got me thinking about how easy it is to search for leaked secrets across… (Feb 12, 2024)
Taking over WhatsApp accounts by reading voicemails. When designing authentication systems, it’s common practice to implement backup mechanisms so users can easily regain access to their… (Jan 19, 2024)
Exploiting Parameter Pollution in Golang Web Apps. Authorization Vulnerabilities in Concourse CI. (Feb 22, 2023)
Published in Independent Security Evaluators: A Hacker’s Perspective on Faulty Threat Models for Blockchain Assets. The code might be mistake free, but that doesn’t mean an attacker can’t find security weaknesses in the system’s design. (Apr 22, 2019)
Published in Independent Security Evaluators: How we turn your Buffalo NAS into our Soldier. How we found unauthenticated OS command injection in the Buffalo TeraStation TS5600D1206. (Nov 21, 2018)
Published in Independent Security Evaluators: Critical vulnerabilities Identified in Buffalo TeraStation TS5600D1206 NAS [CVE Disclosure]. ISE Labs awarded 7 CVEs for research performed on enterprise NAS device. (Nov 8, 2018)