Research Featured FileFlows Vulnerabilities - SQL Injection by Decompiling .NET Code Sometimes the good stuff isn’t on the surface. We turned to decompiling .NET code to find a hidden SQL injection flaw.
Research Featured Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
Research Featured ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4 Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.
Research Featured LiquidFiles Vulnerabilities: From Discovery to Disclosure Join us in my quest to find some vulnerabilities in the Liquidfiles application! A full walkthrough awaits detailing the methodology and the findings that made all the effort worthwhile.
Research Featured Hacking the Nokia Fastmile Sometimes the best candidate for security research is the one right in front of you. This post summarises research conducted on Nokia Fastmile devices between 2021 and 2023.
Research Featured A Watchguard Vulnerability That's a "Feature" - GuardLapse Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances. Does a bad feature warrant filing a CVE? I'm not sure.
Research Featured Arcadyan AW1000 (Telstra 5G Modem) Carrier Unlock Hacking hardware can be fun, it can be even more fun when there's a goal in mind beyond just getting root! Telstra's 5G modems are locked to the Telstra network so lets see if we can change that.
Research Path Traversal in slowscript.httpfileserver The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a Path Traversal vulnerability which permits arbitrary directory listing, file read, and file write.
