Tech Blog

Bad Pods: Kubernetes Pod Privilege Escalation
Lessons Learned on Brute-forcing RMI-IIOP With RMIScout
Design Considerations for Secure GraphQL APIs
Design Considerations for Secure Cloud Deployment
h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers
How to Set Up Your Hardware Lab
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
The TL;DR on TF-IDF: Applied Machine Learning
GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath