Aug 14, 2019
Upon cleaning out some boxes of old wires and techjunk I’d completely forgotten about for years, I came across an old netbook my dad had owned.Netbooks were all the rage back in 2009. One of the pioneers of the netbook revolution was
I managed to get the chance to participate in Pwn2Own 2019 this year, having joined F-Secure two months ago.In total we had 4 entries:TP-Link AC1750 Smart WiFi Router - LAN -
Upon cleaning out some boxes of old wires and techjunk I’d completely forgotten about for years, I came across an old netbook my dad had owned.Netbooks were all the rage back
Today I released a little function that helps IDA users find routes from one function to another. This is incredibly useful when identifying possibly vulnerable functions in order to find paths to an
Today I released HTTPFuzz.HTTPFuzz is a fast generative fuzzer for HTTP written in Python that doesn’t use any additional libraries. It can generate both valid and invalid requests with the intention
Yesterday I managed to get my first two CVEs. One of which is CVE-2018-12591. This is a writeup of how this vulnerability can be exploited. Although it’s not the most complicated vulnerability
Contents:IntroductionBypassing Basic HTTPSBypassing 301 CachingBypass non-preloaded HSTS through NTPBypassing Preloaded HSTS through logic errorsCookie DomainsExploiting with MiTM on DNSExploiting without MiTM on DNSIntroductionThe old ways are dead.Gone are the days where
I’ve spent a lot of my time doing security bits ‘n bobs for a large takeaway EPOS company. Usually this entails a full review all every repository to patch SQL injection vulnerabilities,