I’m thezero, Security Researcher and Senior Penetration Tester at Shielder.In the office I’m the one with the soldering iron.
NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air
Security analysis of the SmartConfig procol by Espressif and publishing of the NotSoSmartConfig tool, able to retrieve WiFi credentials from a PCAP.
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.
WebTech, identify technologies used on websites
Release of WebTech, a tool for RECON during Penetration Tests that scan websites and identify technologies and frameworks in use.
FridaLab – Writeup
Writeup for the FridaLab challenge with a basic introduction to the Frida toolkit on Android.