Posts

Pwning PaaS Cloud Managed Services - From Breaking Isolation to Identifying Abuse

Attacking Jenkins with Shared Libraries

Attacking with Command Injection on Containers created using Google's Distroless Images

Threats of leaked Github Personal Access Tokens : Private Github Enumeration, Backdooring Apps and Stealing Secrets from CICD systems

Solving Ropemporium - ret2win - 32 bit , 64 bit

Using CodeQL variant analysis to find format string vulnerabilities - Part 2 ( Taint Analysis )

Using CodeQL variant analysis to find format string vulnerabilities - Part 1