Security Researcher and Penetration Tester at Shielder. Human, Chaotic Good. Disciple of Bushido & Disney.
By suidpit & thezero
18/04/2024
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
android CVE writeup
15
Min
By thezero & suidpit
30/01/2024
Hunting for Unauthenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
RCE NDay CVE Exploit Writeup
12
By suidpit
24/10/2023
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.
RCE File Upload Exploit Writeup
8