publications

For SonarSource

Bits from Hexacon 2022 Remote Code Execution in Melis Platform Securing Developer Tools: A New Supply Chain Attack on PHP WordPress Core – Unauthenticated Blind SSRF Securing Developer Tools: Argument Injection in Visual Studio Code Security Implications of URL Parsing Differentials Path Traversal Vulnerabilities in Icinga Web PHP Supply Chain Attack on PEAR Securing Developer Tools: Git Integrations Zabbix – A Case Study of Unsafe Session Storage Code Security Advent Calendar 2021 Agent 008: Chaining Vulnerabilities to Compromise GoCD SmartStoreNET – Malicious Message leading to E-Commerce Takeover Cachet 2.4: Code Execution via Laravel Configuration Injection Grav CMS 1.7.10 – Code Execution Vulnerabilities elFinder – A Case Study of Web File Manager Vulnerabilities PHP Supply Chain Attack on Composer

For Synacktiv

Your vulnerability is in another OEM! Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750 Ubuntu ppp's CVE-2020-15704 wrap-up FIC2020 prequals CTF write-up rutorrent code review Writing an exploit for the Linux kernel vulnerability CVE-2017-5123 C’est une bonne situation, ça, Scribbles ? 106 shades of marble

Misc.

Hack-a-Sat write-ups (on GitHub) CVE-2020-26886: Local Privilege Escalation using softaculous/bin/soft (on vulnerable.af) suPHP – The vulnerable ghost in your shell (on vulnerable.af) Modern PHP Security Part 1: bug classes (on Detectify Labs) Modern PHP Security Part 2: Breaching and hardening the PHP engine (on Detectify Labs)