I recently found a pair of NateMail vulnerabilities, and I wanted to publish them now that it's been over ninety days.
Category Archives: Security Not Included
NateMail Vulnerabilities (3.0.15) – XSS (CVE-2019-13392) and Open Redirect
Filed under Security Not Included
WordPress Syntax Highlighting – Including x86 Support
I wanted to share how to setup WordPress syntax highlighting, since I've had people ask me how I format my posts.
Filed under Security Not Included
XSS Without Slashes – A Little Bit Harder Now
Another day, another filter bypass. This time, it is XSS without slashes!
Filed under Security Not Included
Referer XSS with a Side of Link Injection
I wanted to share an example of referer XSS, as I've never been able to play with it before.
Filed under Security Not Included
A Personal Update – Better Late Than Never
I haven't published a post in just over a month now, so I wanted to share a quick personal update.
Filed under Security Not Included
AFL Introduction – Installation and Basic Fuzzing
This post is long overdue, but I wanted to present an AFL introduction, and how to install/use it.
Filed under Security Not Included
PTC ThingWorx Vulnerability (CVE-2018-20092)
We disclosed a PTC ThingWorx Vulnerability regarding a directory traversal last year, and I wanted to finally share the write-up.
Filed under Security Not Included
XSS Without Spaces – Finally, an Easier Filter
Back to some web applications, I wanted to share an example of XSS without spaces.
Filed under Security Not Included
Intigriti XSS Challenge – Fun with DOM XSS
I just finished the Intigriti XSS challenge, and I wanted to share my write-up for it.
Filed under Security Not Included
Setting up a DigitalOcean VPN with strongSwan
In keeping with the VPN theme, here's a quick guide on setting up a DigitalOcean VPN with strongSwan.
Filed under Security Not Included