Research Worth Reading Week 37/2024

Published: 15 Sep 2024

This week, we are publishing a list of research worth reading! Make sure you check it out!

❀️ We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

If you only have time to read one article this week, make it this one: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI.

🐍 White-box penetration testing: Debugging for Python vulnerabilities

This is actually one of the things we teach in our Web Security Code Review Training: how to debug applications in Python (we also do it in Ruby): White-box penetration testing: Debugging for Python vulnerabilities.

📚 Friends don’t let friends reuse nonces

A great article on nonce reuse, with visual representations of the issue, from the team at Trail of Bits: Friends don’t let friends reuse nonces.

🧛 Defend against vampires with 10 gbps network encryption

Another great article from the team at Synacktiv: Defend against vampires with 10 gbps network encryption.

📖 Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

What happens when typosquatting meets GitHub Actions? Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions.

👉 AppSec eZine #552

AppSec eZine is back with issue #552.

Written by PentesterLab
The platform to learn web hacking and security code review