Blog

In this blog, we are going to break down the Centos Web Panel RCE, dive deep into the dynamic and static analysis, also trying to simulate the backend code.

New restart popup window and custom message for your end user.

I'm trying to analyze JsonWebToken CVE-2022–23529 and see if there is a possibility or how I may proceed to find a way to achieve full RCE, however, after the analysis, I'm not sure if this is possible.

A software failure grounded thousands of flights today, raising a complicated question - how do you secure an unstable system? The answer has never been more urgent.

The recent attack on LastPass has people questioning if they can trust password managers. But there's a bigger issue lurking underneath - can you trust ANY security vendor?

We are presenting a unique exploit that helps us exploit Notable app CVE-2022-30507, mainly we are using this for persistence and social engineering.

In a connected world, the instant transition of information is a must. Websocket is a protocol that comes in handy where speed and reliability are vital.

The AI writer everyone's talking about could transform cybersecurity as with so much else. Here are three possible outcomes: good, bad, and ugly.

Vulnerability CVE-2022-29464 being used in the wild to exploit arbitrary remote code execution through unfettered file uploads (RCE).

Spring MVC or Spring WebFlux application running on JDK 9+ susceptible to remote code execution (RCE).

I would like to straighten the defense of the web application by talking about Intrusion Detection and Prevention Systems (IDS and IPS) as the third member of this security trio defense: WAF, RASP, and IDPS.

Cyber Kill Chain - what is it, and why do we need it.

With new guidance from the Department of Defense, the U.S. has made an unprecedented commitment to zero trust cybersecurity. But is this a sound strategy or a looming disaster?

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s

To protect the application besides adding a Web Application Firewall as a first-line defense we can also add Runtime Application Self-Protection (RASP). In this article, we will talk about this emerging technology!