Avatar
🗣️

Organizations

Popular posts

  1. 3 Ways In: Exploiting WordPress Plugins via File Upload and Deserialization
    In this post, I break down three real-world vulnerabilities found in WordPress plugins — from unsafe deserialization to arbitrary file upload — and show how they can lead to full compromise.Includes analysis, PoCs, and exploitation details.
    Author: Martino Spagnuolo

    wordpress php exploit

  2. Exploring UTF-16 and its oddities in JavaScript
    Uncovering the unexpected behaviors of JavaScript strings and the challenges posed by UTF-16 encoding
    Author: Luca Famà

    javascript unicode xss utf-16

  3. Why Cross-Site Request Forgery is not dead
    While modern defenses have made CSRF vulnerabilities more challenging to exploit, emerging techniques still pose significant threats
    Author: Luca Famà

    CSRF SameSite Cookie Path Traversal

  4. Common OAuth2 misconfigurations and vulnerabilities
    Let’s take a look at the most common OAuth2 misconfigurations that can lead to vulnerabilities
    Author: Luca Famà

    oauth misconfigurations authorization csrf

  5. Protocol impersonation attacks with QUIC
    Exploring security risks in a ‘Secure by Design’ and modern transport protocol
    Author: Luca Famà

    QUIC HTTP/3 protocol impersonation DNS

  6. Approaching R2R from an RE point of view
    Legit features often turn into something unexpected: an Insomni’hack Teaser 2024 challenge writeup
    Author: Cesare Pizzi

    Reverse engineering ctf dot net R2R

Less
More

Post activity