berg.hf.ax
security enthusiast | space | F1 | bikes
11 posts 844 followers 254 following
Regular Contributor

BABE! stop what ya doin', they've found a sexy af buffer over-run in DNS used by the GReAt waLL of ChINA!!! Today's a phenomenal day for research papers. Leaking memory contents using DNS requests??? Xie Xie, yes please gfw.report/publications...

Here is a docker trick I use a lot: it is easy to access the file system of docker containers through /proc/[pid]/root/. This makes it easy to run tools not available in the container, copy and edit files, etc. This is especially useful for hardened containers.

CVSS is dead to us daniel.haxx.se/blog/2025/01... #curl

I've made an interactive list of #eBPF research papers. Only papers from the top academic conferences, including lots of papers on eBPF verification, kernel offloads, security analysis, etc. pchaigno.github.io/bpf/2025/01/... I plan to keep the list up-to-date.

Last month, our Security Research team discovered and disclosed a critical pre-authentication RCE in CraftCMS (CVE-2024-56145). You can read our blog post on the issue here: assetnote.io/resources/re... #attacksurfacemanagement

I recently discovered eBPF and have been playing around a bit with it. Essentially it is small hot-swappable programs that run in the Linux kernel, making it possible to e.g. log arguments to syscalls and userland functions. It is also possible to change the behaviour of syscalls (some limits apply).

To summarize what I have learned about Mutation XSS, my CVE, and the solution to my challenge, I wrote a post going through it all. If you like regular XSS, this is a whole new world of crazy techniques and many sanitizer bypasses. You too can learn this! jorianwoltjer.com/blog/p/hacki...

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy! Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

I posted a quick/fun little blog about the dangers of invisible bytes, particularly when everybody copies/pastes exploits without understanding them: #vulnerability #exploit #greynoise #null #byte

Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...

@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. Read more here: www.volexity.com/blog/2024/11...

Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX

Nice writeup by Jakub Domeracki of multiple vulnerabilities in a Google architecture tool, resulting in the tool being decommissioned jdomeracki.github.io/2024/11/09/s...

How does the new iOS inactivity reboot work? What does it protect from? I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented. naehrdine.blogspot.com/2024/11/reve...

As a pentester and security engineer, I found this talk to be very inspiring. I haven't been able to use the tool yet, but you can bet I will soon! youtu.be/bCNnloBaw_U?...

Needed to find both really common apex domains and uncommon apex domains in a recent project of mine. Created a small tool to do just this by looking up each apex domain against the Tranco list (a list of the 4.7m most common domains) and showing the rank. It is available at github.com/AlfredBerg/d...

Just added a whole bunch more people to my Hackers starter pack 🥰 go.bsky.app/NRP3ecE