Category //

Checkmarx Security Research Team

CTparental Vulnerabilities Enabled Filter Bypassing

For those who don’t know me, I am a mother to two brilliant children who are better at the game of chess than an average kid their age, and their chess teacher advised them to find suitable chess opponents online.

Chained RaspAP Vulnerabilities Grant Root Level Access

According to its official documentation, “RaspAP” is a wireless router software for many popular Debian-based devices, including the Raspberry Pi. It has a mobile-ready interface that gives the user control over the relevant services and networking options which include advanced DHCP

Rewriting Your History Using a Historical Vulnerability

In recent years, cross-site history manipulation (or XSHM for short) has garnered rising attention from our customers. With this and our team being inspired by this recent CSO article exploring legacy software bugs, we decided to take a closer look

CVE-2021-31800: How We Used Impacket to Hack Itself

According to its official documentation, Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets for some protocols (e.g. SMB1-3 and MSRPC), and for others, the protocol

The 0xDABB of Doom: CVE-2021-25641

Introduction When I previously wrote the original Dubbo publication, we disclosed that issue as it was mitigated by the vendor. While the Dubbo “HTTP” protocol in that disclosure was trivially vulnerable to the most common Java deserialization attacks (as evidenced

Solving ISA’s 2021 Web Challenges

Being part of the Checkmarx SCA Research Team who supports our next-gen Software Composition Analysis (SCA) solution, my team members and I often participate in Capture the Flag (CTF) types of competitions to hone our skills and share our knowledge

Skip to content