Jonathan Leitschuh in InfoSec Write-ups
Update: Want to take over the Java ecosystem? All you need is a MITM!
January 13th-15th, 2020 will break over 21% of the industry’s Java build infrastructure. Six months since my initial article disclosing…
5 min read · Jan 8, 2020

Jonathan Leitschuh
Need MDNS? Just Install iTunes
Over 6 years ago I was working on a small project called WPILib. WPILib is a library used by High School FIRST Robotics teams to program…
2 min read · Oct 9, 2019

Jonathan Leitschuh in InfoSec Write-ups
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…
16 min read · Jul 8, 2019

Jonathan Leitschuh in InfoSec Write-ups
Want to take over the Java ecosystem? All you need is a MITM!
Hundreds of incredibly popular and widely deployed Java libraries & JVM compilers are still downloading their dependencies over HTTP with…
14 min read · Jun 10, 2019

Jonathan Leitschuh
Let’s write a (theoretical) Java Library Worm
This Article is an addendum to Want to take over the Java ecosystem? All you need is a MITM!
4 min read · Jun 10, 2019

Jonathan Leitschuh in InfoSec Write-ups
Gradle Plugin Portal: Clickjacking & Cross-Site Request Forgery enabling Account Takeover
Two security vulnerabilities in the Gradle Plugin Portal would have allowed any website to change the username, email & password of any…
9 min read · Jan 9, 2019

Jonathan Leitschuh in InfoSec Write-ups
Leveraging Gradle Plugin wildcard versions for remote code execution
Exploit allowed any Gradle Plugin on the Gradle Plugin Portal to have its artifact coordinates hijacked by a malicious actor.
4 min read · Oct 22, 2018