By thezero & zi0black
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
RCE XXE Exploit Writeup
6
Min
By thezero
19/10/2019
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.
XSS Exploit Writeup
4
04/02/2019
FridaLab – Writeup
Writeup for the FridaLab challenge with a basic introduction to the Frida toolkit on Android.
CTF Tutorial Writeup Android Frida
3