I’m roro - an appsec engineer and independent researcher. This is where I write up vulnerabilities I’ve found, publish small tools, and think out loud about how modern software actually breaks.
A deep technical reference on how Semgrep works internally - from CLI entry-point and target discovery, through parsing, AST normalisation, pattern matching and taint dataflow analysis, to output formatting.
A deep technical reference on how Semgrep works internally - from CLI entry-point and target discovery, through parsing, AST normalisation, pattern matching and taint dataflow analysis, to output formatting.
Executive Summary Challenge: Thread of Doom Category: Reverse Engineering Flags: NHK26{VirtualProtect_Overwritten} Binary: NHK_CrackMe_V3.exe (PE32, x86, 43520 …
This article is the result of an OffenSkill Training. It discusses an unauthenticated arbitrary file read vulnerability found in the Enketo software, a web survey manager. The vulnerability, found during a white-box code review session, allows an unauthenticated attacker to read any arbitrary file on the server's by chaining an auth bypass, SSRF, XXE in svg and browser abuses.
Executive Summary Challenge: HalCrypto Category: Web Security Vulnerability: JWT validation bypass via URL confusion with @ symbol Impact: Authentication bypass …
Executive Summary Challenge: PageOneHTML Category: Web Security Vulnerability: Server-Side Request Forgery (SSRF) via gopher:// protocol Impact: Access to …
When I first started developing tools for source code auditing, my primary need was to track tainted data flows through complex codebases during manual code …
About one email per month. Unsubscribe takes one click.
