InfoSec Blog

zi0black

Sono zi0black, Security Researcher e Penetration Tester presso Shielder. Mi piace trasformare i dispositivi IoT in costosi fermacarte.

Qiling

21/03/2022

Reversing embedded device bootloader (U-Boot) - p.2

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

4

Min

Qiling

08/03/2022

Reversing embedded device bootloader (U-Boot) - p.1

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

10

Min

ServiceStack JWT signature verification bypass

02/11/2020

Re-discovering a JWT Authentication Bypass in ServiceStack

ServiceStack in version 5.9.2 almost silently patched a vulnerability which allowed to bypass JWT signature.

2

Min

XXE to RCE via XML file opening

24/10/2019

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

6

Min