2 votes and 0 comments so far on Reddit

How an elusive CI (Continuous Integration) error led us to uncover a hidden man-in-the-middle ssh proxy.

Using hashes maximized for collision probability (in Golang)

This site is design to share my work with programming enthusists like me. My main focus is on software development and security

34 votes and 10 comments so far on Reddit

Since we launched the Security Innovation Blockchain CTF, we have seen the demand for educational resources in the field of smart contract security increase. SI has recently launched V2 of our Blockchain CTF. We also formed a partnership with ConsenSys Diligence…

Malicious users could have seized control over any Samsung account due to a recent vulnerability. By tricking users into a clicking on a malicious link. 

and how it can still be used to run arbitrary code

Hello everyone, we continue disclosure some CVEs/exploits (0days) with specific software/hardware products. Few months ago during my…

0 votes and 4 comments so far on Reddit

1 vote and 0 comments so far on Reddit

This little technique can force your blind XXE to output anything you want!

3 votes and 1 comment so far on Reddit

Imagine the scenario. You’re trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions – phew – it doesn’t want t…

Since the support of goo.gl has already ended, I’ve been looking for ways to shorten URLs using Google services. Some time ago I’ve found a bug that allowed me to shorten links using Google’s official g.co shortener. This time I took a look at Firebase Dynamic…

Cylance Inc., the leading provider of AI-driven, prevention-first security solutions, today announced the availability of its virtual chief information sec

Schedule, talks and talk submissions for NoNameCon 2019

Many posts have pointed out that a malicious MySQL server can use the LOAD DATA LOCAL command to read arbitrary files from MYSQL clients. According to this article (chinese) phpMyAdmin开启远程登陆导致本地文件读取, We can read arbitrary file on phpMyAdmin server if $cf…

Magellan is a remote code execution vulnerability that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing Chromium was…

Magellan is a remote code execution vulnerability that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing Chromium was…

Posts about hacking, coding and other stuffs