InfoSec Blog

zi0black

I’m zi0black, Security Researcher and Penetration Tester at Shielder. I love to turn IoT devices in expensive paperweights.

Qiling

By zi0black & thezero

21/03/2022

Reversing embedded device bootloader (U-Boot) - p.2

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

Read more

firmware ARM Binary Qiling Unicorn

4

Min

Qiling

By zi0black & thezero

08/03/2022

Reversing embedded device bootloader (U-Boot) - p.1

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

Read more

firmware ARM Binary Qiling

10

Min

ServiceStack JWT signature verification bypass

By zi0black

02/11/2020

Re-discovering a JWT Authentication Bypass in ServiceStack

ServiceStack in version 5.9.2 almost silently patched a vulnerability which allowed to bypass JWT signature.

Read more

ServiceStack JWT Exploit BAC

2

Min

XXE to RCE via XML file opening

By thezero & zi0black

24/10/2019

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

Read more

RCE XXE Exploit Writeup

6

Min