A collection of notes
AlcaWASM Challenge Writeup - Pwning an In-Browser Lua Interpreter
Gamedevs of the world, unite! Your favourite language is in danger -- the l33t wrongdoers have figured out how to BYOB (Bring Your Own Bytecode) and pwn the Lua v5.4 interpreter!
Read more ⟶Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
Wild trips with intent redirections to compromise an end-to-end encrypted messaging chat.
Read more ⟶Hunting for (Un?)authenticated n-days in Asus Routers
Firmware analysis, reverse engineering and binary exploitation shenanigans on Asus routers.
Read more ⟶CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
N-day exploit for Orthanc. Now featuring polyglot files!
Read more ⟶