🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Video up: [KEYNOTE] AI WILL TAKE UR JOB! by Pedro Ribeiro (Pedro Ribeiro) #BSidesLisbon2024 youtu.be/0zAs7wjUhio

testbnull.medium.com/c%C3%B3-g%C3%A… Everything in this blog are already written, this is just for my bad memory only!

testbnull.medium.com/deep-inside-ty… The second part of the blog post about TypeConfuseDelegate gadgetchain analysis, Have a nice weekend guys!

If you are using YSoSerial .Net, we have accepted a few PRs and patched several bugs & improved the ViewState plugin! Merry Christmas 🎅 github.com/pwntester/ysos… Alvaro Muñoz 🇺🇦

sec.vnpt.vn/2025/01/canh-b… A full chained Pre-Auth RCE on WSO2 Identity Manager and API Manager with default config by my old colleague. Do something before it’s getting burned 🔥

Just finished my writeup about CVE-2025-23369, an interesting SAML authentication bypass on GitHub Enterprise Server I reported last year. you can read about it here: repzret.blogspot.com/2025/02/abusin…

A few notes learnt while working with patch diffing! Hope it can help everyone working in this field! 👉 testbnull.medium.com/a-quick-note-o…

🥳The latest !exploitable is here! We're sharing all the joy that comes with exploiting an arbitrary file write in GitLab, while cruising the Mediterranean. 🚢 Everything from onerous configurations to spotty internet! Enjoy! #doyensec #appsec #security blog.doyensec.com/2025/03/18/exp…

You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study. portswigger.net/research/saml-…

testbnull.medium.com/bypass-gitlab-… A quick note while analyzing CVE-2025-25291 gitlab saml auth bypass

They deserved this :) Responsible disclosure is a joke!

Poc for 35587 btw,

My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking

Write-up cho bài đăng của anh tuo4n8. Chuyện đã lâu rồi có nhiều thứ mình không còn nhớ. - No outbound Gadgets for CVE-2019-16891. - New JDBC attack chain. For English speakers, please use Google Translate. l0gg.substack.com/p/journey-into…

w00t!! Dinh Ho Anh Khoa (Khoa Dinh) of Viettel Cyber Security needed two attempts, but he successfully demonstrated his exploit of #Microsoft SharePoint. If confirmed, he'll win $100,000 for his efforts. Off to the disclosure room! #Pwn2Own #P2OBerlin

Outstanding! Nguyen Hoang Thach (Thach Nguyen Hoang 🇻🇳) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin

A new Rapid7 Analysis of CVE-2024-58136 was just published to AttackerKB, courtesy of Calum Hutton 🔥 Affecting the Yii framework, this analysis details the root cause and how it can be leveraged for RCE via a dirty file write to a log file: attackerkb.com/topics/U2Ddokj…

My research on CVE-2025-49113 is out. fearsoff.org/research/round…. Happy reading! #CVE #roundcube #poc FearsOff Cybersecurity