The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938

Reading time: ~11 min
Intro: This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found...

Analysis of a 1day (CVE-2019-0547) and discovery of a forgotten condition in the patch (CVE-2019-0726) – Part 1 of 2

Reading time: ~16 min
This post will cover my journey into the analysis of CVE-2019-0547 (affecting the Windows DHCP client), a vulnerability discovered by...

Understanding PEAP In-Depth

Reading time: ~20 min
tl;dr We reported a long-standing PEAP bug in all Apple devices that would allow an attacker to force any...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Intro: During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...

Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode

Reading time: ~10 min
Intro: Recently, I reported CVE-2017-7668 (Apache Server buffer-over-read). This is a cross-post from my personal blog where I explain how...