Setting up the environment + Hello […]

The post Extending Burp Suite for fun and profit – The Montoya way – Part 4 appeared first on hn security.

Setting up the environment + Hello […]

The post Extending Burp Suite for fun and profit – The Montoya way – Part 3 appeared first on hn security.

Setting up the environment + Hello […]

The post Extending Burp Suite for fun and profit – The Montoya way – Part 2 appeared first on hn security.

-> Setting up the environment + […]

The post Extending Burp Suite for fun and profit – The Montoya way – Part 1 appeared first on hn security.

In this article, I’ll show how […]

The post Pentesting Xamarin Android apps: DLLs and root check bypass appeared first on hn security.

Hi! We are releasing Kraken, HN […]

The post Cracked password analytics with Kraken appeared first on hn security.

Hello there! Please allow me a […]

The post Celebrating two years of HN Security appeared first on hn security.

Apache Maven is a well-known tool […]

The post Abusing Maven’s pom.xml appeared first on hn security.

“What has been will be again, […]

The post Nothing new under the Sun – Discovering and exploiting a CDE bug chain appeared first on hn security.

Disclaimer: as many other security researchers […]

The post A journey into IoT – Unknown Chinese alarm – Part 4 – Internal communications appeared first on hn security.

Hi, Last year (I know, I’m […]

The post Burp Suite and Protobuf appeared first on hn security.

Hi, I recently had the chance […]

The post Semgrep rules for Kotlin security assessment appeared first on hn security.

Java web applications are far from […]

The post Groovy Template Engine Exploitation – Notes from a real case scenario appeared first on hn security.

During our analysis of Zyxel’s device […]

The post Useless path traversals in Zyxel admin interface (CVE-2022-2030) appeared first on hn security.

Disclaimer: as many other security researchers […]

The post A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications appeared first on hn security.

A few months ago, new firmware […]

The post Zyxel authentication bypass patch analysis (CVE-2022-0342) appeared first on hn security.

“Some details are more important than […]

The post Automating binary vulnerability discovery with Ghidra and Semgrep appeared first on hn security.

Hi! According to the official documentation, Semgrep […]

The post Semgrep rules for PHP security assessment appeared first on hn security.

“We live on a placid island […]

The post Multiple vulnerabilities in Zyxel zysh appeared first on hn security.

Disclaimer: as many other security researchers […]

The post A journey into IoT – Unknown Chinese alarm – Part 2 – Firmware dump and analysis appeared first on hn security.

Backstory During a red teaming exercise […]

The post Zyxel firmware extraction and password analysis appeared first on hn security.

“Humans are more suited to recognize […]

The post Semgrep ruleset for C/C++ vulnerability research appeared first on hn security.

Disclaimer: as many other security researchers […]

The post A journey into IoT – Unknown Chinese alarm – Part 1 – Discover components and ports appeared first on hn security.

Hi! Years ago ( 🙁 ) […]

The post A journey into IoT – Chip identification, BUSSide, and I2C appeared first on hn security.

Hi, A few days ago, Hack […]

The post Hack In Paris video and Brida demo plugins released appeared first on hn security.

“A vulnerability provides an assembly language […]

The post New (and old) shellcode samples appeared first on hn security.

A few years back, I published […]

The post letme.go – A minimalistic Meterpreter stager written in Go appeared first on hn security.

Hi! Last Friday my colleague Piergiovanni […]

The post Brida 0.5 released for Hack In Paris 2021! appeared first on hn security.