Main
Articles
Advisories
Tools
Vulnerability Disclosure Policy
About

Articles

The Curious Case of Apple iOS IKEv2 VPN On Demand
Gmail Android app insecure Network Security Configuration.
Reviewing Android Webviews fileAccess attack vectors.
Droidstat-X, Android Applications Security Analyser Xmind Generator
Uber Hacking: How we found out who you are, where you are and where you went!
Google AOSP Email App HTML Injection
XXE ALL THE THINGS!!! (including Apple iOS's Office Viewer)
Good for Enterprise Android HTML Injection (CVE-2014-4925)
From 0-day to exploit - Buffer overflow in Belkin N750 (CVE-2014-1635)
Outlook.com android app HTML injection vulnerability
Piercing SAPRouter with Metasploit

Latest Advisories

CVE-2018-10377 - Insufficient Validation of Burp Collaborator Server Certificate
CVE-2017-9376 - ManageEngine ServiceDesk Plus Local File Inclusion
CVE-2017-9362 - ManageEngine ServiceDesk Plus XML External Entity via CMDB API
CVE-2017-10992 - HP Storage Essentials Remote Code Execution via Java deserialization
CVE-2016-10125 - DLink DGS-1100 switch static hard-coded TLS crypto keys in firmware

Latest Articles

The Curious Case of Apple iOS IKEv2 VPN On Demand
Gmail Android app insecure Network Security Configuration.
Reviewing Android Webviews fileAccess attack vectors.
Droidstat-X, Android Applications Security Analyser Xmind Generator
Uber Hacking: How we found out who you are, where you are and where you went!