When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs

Why We Should Probably Stop Visually Verifying Checksums

Hello there! Thanks for stopping by. Let me get straight into it and start things off with what a ...

Read More

Hunting For Integer Overflows In Web Servers

Allow me to set the scene and start proceedings off with a definition of an integer overflow, ...

Read More

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients

This is another one of those blog posts from me about how I independently carried out some security ...

Read More

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

When I’m carrying out security research into a thing, I generally don’t like to Google prior ...

Read More

Hidden Data Exfiltration Using Time, Literally

I was looking at my watch last week and my attention was moved towards the seconds over at the ...

Read More

SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames

Read More

From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings

I've been pentesting applications for nearly two decades now and throughout that time you get to ...

Read More

Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all ...

Read More

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

For those wondering what GraphQL is…

Read More

When User Impersonation Features In Applications Go Bad

A user impersonation feature typically allows a privileged user, such as an administrator, but ...

Read More

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. ...

Read More

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

A little bit of background for those not familiar with chfn…

Read More

From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts)

Picture the scene, you’re on an application penetration test (as a normal user) and you’ve managed ...

Read More

Reversing (and Recreating) Cryptographic Secrets Found in .NET Assemblies Using Python

Picture the scene - you’re on a penetration test, somehow you’ve got hold of a bunch of .NET ...

Read More