Research 22
- Please Mind the CAP – Modern Conditional Access Policy circumvention and what it means for your organisation (webinar recording)
- Weaponize Your Word – Malicious Template Injection
- How to Handle Development Projects in a Pentest Company
- What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2)
- What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 1)
- Advisory CVE-2023-43042 – IBM Backup Products Superuser Information Disclosure
- Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware
- Online Machine Learning: how to integrate user feedback
- Implementation and Dynamic Generation for Tasks in Apache Airflow
- Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip
- Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution
- Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY
- Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon
- Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS
- Advisory CVE-2020-13769 – Ivanti Unified Endpoint Manager SQL injection
- Advisory CVE-2020-13772 – Ivanti Unified Endpoint Manager system information disclosure
- Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload
- Advisory CVE-2020-13770 – Ivanti Unified Endpoint Manager named pipe token impersonation privilege escalation
- Advisory CVE-2020-13771 – Ivanti Unified Endpoint Manager DLL search order hijacking privilege escalation
- Short introduction to Network Forensics and Indicators of Compromise (IoC)
- CVE 2015-7547 glibc getaddrinfo() DNS Vulnerability
- Research and Development