Vulnerability 10

• What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2) Jun 13, 2024
• What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 1) Jun 6, 2024
• Advisory CVE-2023-43042 – IBM Backup Products Superuser Information Disclosure Dec 21, 2023
• Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware Jun 21, 2023
• Advisory CVE-2023-30382 – Half-Life Local Privilege Escalation May 23, 2023
• Butting Heads with a Threat Actor on an Engagement Apr 17, 2023
• Advisory CVE-2022-37832 – Mutiny Network Monitoring Appliance hardcoded credentials Dec 15, 2022
• Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip Jan 26, 2022
• Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution Jan 26, 2022
• Securing against new offensive techniques abusing active directory certificate service Jul 6, 2021