Nils competed in the DEF CON 33 CTF finals, placing 8th while running attack-defense operations, participating in the LiveCTF, and publishing a write-up on exploiting a Jukebooox bug leading to a glibc leak and ROP chain.
We describe two vulnerabilities in the learning management platform ILIAS that we found as part of a recent client engagement. Exploiting a stored XSS, we achieve command execution as root.
Fuzzing is an effective technique for finding bugs, but it’s only as effective as your fuzzing harness. We explore the secrets of good harnessing for fuzzing, from common mistakes to best practices.
We developed the first open-source toolchain for full-system emulated fuzzing of any Hexagon firmware, addressing a critical gap in baseband security research.
Ethical hackers help reduce SS7 abuse by finding security problems to protect phone users, and clear rules are needed to ensure only trusted testers have SS7 access.
We combine human expertise with AI as a co-pilot to enhance code audits, carefully protecting client confidentiality by analyzing closed-source code in-house, and continuously improving our models through benchmarking and fine-tuning without replacing expert human review.
Xiaohongshu exposes users to network-level attacks through partially unencrypted traffic, collects more device data than disclosed, and actively obstructs app analysis efforts.
We developed GoLibAFL, a new fuzzer for Go code built on top of LibAFL.
In this article, we focus on customizing a fuzzing harness, the key to effective fuzz testing.
In this article series, we share all we know about effective fuzz testing.