PinnedPublished inInfoSec Write-upsZoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…Jul 8, 2019107Jul 8, 2019107
You may want to be careful with your choice of `wkhtmltopdf`.https://wkhtmltopdf.org/status.htmlJul 8, 2024Jul 8, 2024
Published inInfoSec Write-upsUpdate: Want to take over the Java ecosystem? All you need is a MITM!January 13th-15th, 2020 will break over 21% of the industry’s Java build infrastructure. Six months since my initial article disclosing…Jan 8, 2020Jan 8, 2020
Need MDNS? Just Install iTunesOver 6 years ago I was working on a small project called WPILib. WPILib is a library used by High School FIRST Robotics teams to program…Oct 9, 2019Oct 9, 2019
Published inInfoSec Write-upsWant to take over the Java ecosystem? All you need is a MITM!Hundreds of incredibly popular and widely deployed Java libraries & JVM compilers are still downloading their dependencies over HTTP with…Jun 10, 20193Jun 10, 20193
Let’s write a (theoretical) Java Library WormThis Article is an addendum to Want to take over the Java ecosystem? All you need is a MITM!Jun 10, 2019Jun 10, 2019
Published inInfoSec Write-upsGradle Plugin Portal: Clickjacking & Cross-Site Request Forgery enabling Account TakeoverTwo security vulnerabilities in the Gradle Plugin Portal would have allowed any website to change the username, email & password of any…Jan 9, 2019Jan 9, 2019
Published inInfoSec Write-upsLeveraging Gradle Plugin wildcard versions for remote code executionExploit allowed any Gradle Plugin on the Gradle Plugin Portal to have it’s artifact coordinates hijacked by a malicious actor.Oct 22, 2018Oct 22, 2018
