Our USB Dead Man Switch can now be purchased in-person at NovaCustom's brick-and-mortar location in The Netherlands.

This page is a collection of my security research, and other infosec-related activities.

Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.

Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t…

Background

On November 18, 2024, Palo Alto Networks announced the discovery of two critical vulnerabilities, CVE-2024-0012 and CVE-2024-9474, in the operating system that powers their firewall devices. The following day, watchTowr published a report detailing…

Tools for controlling webcam LED on ThinkPad X230. Contribute to xairy/lights-out development by creating an account on GitHub.

Microsoft SQL Server has been found to treat a goblin emoji as equivalent to an empty string, potentially leading to security vulnerabilities in applications that utilize it.

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

Captchas, Monero, Scams and absolutely no JavaScript

UNCONFIRMED (nobody) in CA Program - CA Certificate Compliance. Last updated 2024-12-01.

ThreatFabric has identified a new cash-out tactic that wasn’t seen before called “Ghost Tap”, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFC…

Learn how Clutch Security debunked the myth of secret rotation with evidence-based research, revealing how attackers exploit exposed Non-Human Identities in seconds. Discover why traditional practices fall short and how Zero Trust and ephemeral identities…

Explore adversarial attacks on AI/ML models through hands-on challenges on Dreadnode’s Crucible CTF platform.

This blog post shows a recent penetration test I performed for some customers’ Salesforce applications (also called Salesforce Communities), in which I exploited some common and other lesser-known flaws, which eventually led to an account takeover vulnerability.…

Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities

This post walks through a new CloudGoat scenario, sqs_flag_shop in AWS.

JP (Translated by ChatGPT) In this article, I'll explain the intended solution for the "Tanuki Udon" challenge presented in SECCON CTF 13. TL;DR An XS-Leaks att…