03 April 2018

We discovered a new Web attack vector abusing the Edge Side Overview of the potentially affected productsInclude (ESI) features common in caching services and product. We will explain the conditions required for exploitation along with 3 example payloads: Cookie exfiltration, SSRF and bypassing client-side XSS filtering.

January 24, 2018

This article is an opinionated essay on why you should be using Kotlin to build Burp extensions. It provides an overview of the main language features with code samples.

January 10, 2018

Privilege "escalation"The latest VMware Horizon vulnerability is via an attack vector that shouldn't be overlooked: bad Windows process handles management. In this article, you will find all the details around CVE-2017-4946 which was discovered and exploited by Martin Lemay during a pentest engagement.

August 10, 2017

New results related to our research about Linux/Moose, an IoT botnet that conducts social media fraud (SMF), were published in the scientific journal, Social Media & Society, last week. The article is open-source and available at: http://dl.acm.org/citation.cfm?id=3097301. However, if you don’t want to bother reading it, the blog post provides a quick summary of the main findings.