h0ng10.bsky.social
CEO at MOGWAI LABS, part time CTF player and bboy
12 posts 67 followers 250 following
Regular Contributor

From iframes and file reads to full RCE. 🔥 We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit. 👉 Read the full write-up here: neodyme.io/en/blog/html...

AppSec Ezine Edition #584 pathonproject.com/zb/?39a1a5b0...

A few quick notes on the Erlang OTP SSHd RCE (CVE-2025-32433) [1/3] 1. Cisco confirmed that their ConfD and NSO products are affected. The ConfD patch is planned for May. These often run on ports 830, 2022, and 2024 versus 22. sec.cloudapps.cisco.com/security/cen...

Good analysis of CVE-2025-30065 (Java Deserialization Vulnerability in Apache Parquet). I would add that (depending on the Java version) it is possible to use a gadget that causes an outgoing JNDI call. attackerkb.com/topics/jAhVR...

unauth-rce++ 😊

Our crew members @mwulftange.bsky.social & @frycos.bsky.social discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after @sinsinology.bsky.social & @chudypb.bsky.social's blog. Replace BinaryFormatter!

Private Key reuse for requesting https certificates is the new "outdated JavaScript libraries" for penetration testers.
- Large number of services affected
- Easy to find / verify
- Hard to actually exploit
Still nice research from the Truffle Security Team. www.youtube.com/watch?v=gyyt...

Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...

Today, Wiz (Woogle?) released an advisory detailing an attack chain they’ve dubbed IngressNightmare, which, if left exposed and unpatched, can be exploited to achieve remote code execution by unauthenticated attackers. Read more at www.runzero.com/blog/ingress...

Look Mom, smalidea (github.com/JesusFreke/s...) has new features: 1. Call-Hierarchy

Our next meetup is a presentation from our friends at X41 D-Sec GmbH. Join us next Wednesday, March 26th, at 14:00 CDT for a presentation and discussion with Markus Vervier and Eric Sesterhenn on their audit of @mullvad.bsky.social. We can't wait for this one! RSVP at lu.ma/wreregye

unauth-rce++ 😊

Root cause analysis of Sitecore XM + XP remote code execution CVE-2025-27218 via @rapid7.com's pen testing team attackerkb.com/assessments/...

Finally had some time to put together a new blog post. It’s not groundbreaking, but it could still be interesting if you're into application security.

EA released the source for Command & Conquer Red Alert on github. github.com/electronicar...

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/...

This is a great video that teaches you some Chrome Dev Tools debugging skillz: www.youtube.com/watch?v=F5m2...

Videos from the Black Hat USA 2024 security conference, which took place in August, are available on YouTube (finally) www.youtube.com/playlist?lis...

VxWorks 6.9 uses SHA-256 + salt but with only one iteration 🤦‍♂️ This was implemented in response to CVE-2010-2965 by @hdm.io. Check out the full disclosure drama: sec-consult.com/blog/detail/...

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...

Hello Bluesky 😀

This blog post by the HvS-Consulting team about insecurely configured NFS shares is excellent, and the released tools work very well. There are definitely some points for your next infrastructure test. www.hvs-consulting.de/en/nfs-secur...

I wrote a PoC for the recent Ivanti Connect Secure stack buffer overflow, CVE-2025-0282, based on the exploitation strategy watchTowr published, along with an assessment of exploitability given the lack of a suitable info leak to break ASLR: attackerkb.com/assessments/...

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy! Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

The VPN nightmare continues, you should update your Juniper appliances. labs.watchtowr.com/the-second-w...

GitLab released a critical security update. One of the vulnerabilities allows unauthenticated account takeover via password resets. about.gitlab.com/releases/202...