
Reachable code,
exploitable paths,
and the notes I take along the way.

I'm roro — an appsec engineer and independent researcher. This is where I write up vulnerabilities I've found, publish small tools, and think out loud about how modern software actually breaks.

Recent posts.
2026.06.12
Code Auditing · SAST

Why I wanted my own code audit tool

Less technical than usual. The story of sek, the code audit tool I'm building: where the idea came from, my failed first attempt (spotted), the restart on Joern, the Rust backend I picked against my will, and the weird feeling of thinking you're done when you're not.

10 min
2026.05.10
Bug Bounty · XSS

My First Bug Bounty: A DOM XSS

I found my first DOM-based XSS in a bug bounty program. No SQLi, no RCE - just a missing origin check in a postMessage listener and a javascript: URI. CVSS 9.0. Sink-to-source analysis, exploit chain, and some bonus impact.

9 min
2026.04.08
Research · SAST

Semgrep Architecture: Comprehensive Reference

A deep technical reference on how Semgrep works internally - from CLI entry-point and target discovery, through parsing, AST normalisation, pattern matching and taint dataflow analysis, to output formatting.

17 min
2026.03.29
CTF · Reverse Engineering

Une nuit pour hacker 2026: Thread of Doom

Executive Summary. Challenge: Thread of Doom. Category: Reverse Engineering. Flags: NHK26{VirtualProtect_Overwritten}. Binary: NHK_CrackMe_V3.exe (PE32, x86, 43520 …

18 min
2026.02.07
0day · SSRF

Enketo 6.2.1 - Auth-Bypass, SSRF, and XXE Browser Abuse to File Read

This article is the result of an OffenSkill training. It discusses an unauthenticated arbitrary file read vulnerability found in Enketo, a web survey manager. The vulnerability, found during a white-box code review session, allows an unauthenticated attacker to read any file on the server by chaining an auth bypass, SSRF, XXE in SVG, and browser abuses.

10 min
2025.09.21
CTF · Web Security

Amazon AppSec CTF: HalCrypto

Executive Summary. Challenge: HalCrypto. Category: Web Security. Vulnerability: JWT validation bypass via URL confusion with the @ symbol. Impact: Authentication bypass …

6 min