Recent Posts
Intro: It has been a while since my last blog post, and here we go again. This one will cover a vulnerability I discovered and reported back in April to a private program on HackerOne whose name I cannot disclose, but it is a well-known insurance company in the USA.
In short, I had not set out and prepared for this finding, as I have been so busy recently with my full-time job; nevertheless, I spend some of my spare time on my hobby, including research.
Intro: Back on Feb 1, 2020 at 5:53 PM, I reported a critical vulnerability that gave me remote code execution (RCE) on the StrongKey company. For those who don't know, StrongAuth, or StrongKey, is a security-based company that "makes data breach irrelevant, with StrongKey technology, your data becomes worthless to hackers", as stated on their website!
About the company, by CyberDb: StrongAuth, Inc. is a Silicon Valley company focused on Symmetric Key Management, Encryption, Tokenization, and PKI- and FIDO-based Strong Authentication.
Vulnerable discovered code (LFI). Intro: Three years ago, while conducting my academic research, I came across a website to download an interesting PDF course.
I downloaded the PDF, and as always, the nerd in me came back whenever I had the chance, even if it was not the subject of my research. So, I tried to test the website for what seemed to me to be a vulnerability. And guess what? It's a critical one.
Intro: Hi, it has been a while since my last story. This one isn't going to tell anything special about infosec; in fact, nothing on that topic is in here. I will be presenting how I managed to automate a task with malformed JSON data, especially updating repetitive values for the same key. Let's start: I won't go through fundamentals, but some specific parameters will be mentioned here. Yesterday, I got some JSON data that looked like this:
How I was able to access one of the Russian antivirus (Bitdefender) domains through blind XSS!
What is the best Linux distro, and for what? It's a Linux myth question, though the response can easily find its way from the question. What are you willing to do with it? It really depends on what your engagement with the OS would be (the uses). Are you using it just for daily browsing? For games, programming and development stuff? Staring at it without doing anything? Why not, it could be :)