Personal website and computer security blog.

The Prototype Pollution vulnerability is specific to the JavaScript programming language. It enables an attacker to add or alter any properties of global object prototypes. Once the property is changed, the code that inherits it will use the injected property…

🚩 Video walkthrough for the "Pizza Paradise" (web) challenge featured in our 1337UP LIVE (CTF) competition 2024! Players found themselves browsing a pizza delivery website, but in fact this was a front for a secretive government panel. The "secret" login…

Automatic SSTI detection tool with interactive interface - vladko312/SSTImap

EXPLORING AND EXPLOITING AN ANDROID "SMART POS" PAYMENT TERMINAL

Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. While…

Discover how reverse engineering led to a $5000 bounty by exploiting a critical vulnerability in a popular Android app

Hi HackerOne Team!

==**NOTE: I'm redoing the report because the last one wasn't looked at correctly #2705602 and the report was closed, so don't close it as duplicate, just see that the takeover...

We're excited to announce one of our latest public program offerings on the HackerOne platform, Capital One!

Contribute to secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices development by creating an account on GitHub.

Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.

JP (Translated by ChatGPT) In this article, I'll explain the intended solution for the "Tanuki Udon" challenge presented in SECCON CTF 13. TL;DR An XS-Leaks att…

TruffleHog now automatically decodes Android Package Kit (APK) files and searches them for secrets. It runs ~9x faster than using an external decompiler before calling TruffleHog.

iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.

We were having a nice uneventful week at watchTowr, when we got news of some ransomware operators using a zero-day exploit in Cleo MFT software - namely, LexiCom, VLTransfer, and Harmony - applications that many large enterprises rely on to share files securely.…

Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet

A basic Bug Bounty target monitoring tool based on Discord Bot - JackJuly/bugbounty-monitor-bot