maitai
@maitai.bsky.social
BSc Computer Science Engineering | 24 | Trying to find my way ~ 🍭
http://blig.one
Reposted by maitai
🔥 The future of RFID hacking isn’t dead, it’s even more...

At #WHY2025, Kirils and I are breaking down the current RFID hacking situation

No fluff. Just spilling the beans.

🗓️ 9th of August 13:00 at Andromeda
🔗 cfp.why2025.org/why2025/talk...

RT if you’re ready.
Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations WHY2025
RFID reverse engineering has seen significant advancements, yet a comprehensive overview of the field remains scattered across research and practitioner communities. Here the authors present a struc...
cfp.why2025.org
July 13, 2025 at 2:40 PM
Reposted by maitai
I went on a trip to Okayama on Monday and Tuesday. The kibi dango I brought back are delicious.
April 18, 2025 at 9:04 AM
Reposted by maitai
Took me a while, but here is the full article!

If you want to see some weird URL parsing behavior, here you can find a lot of them :)

sec.leonardini.dev/blog/playing...

Disclaimer: no exploits nor vulnerabilities in this post, just some broken code
February 28, 2025 at 8:49 PM
Reposted by maitai
This article on Solr and its (in)security is really good 💎

And I strongly recommend reading @hacefresko.com's previous article on Solr before diving into this one (I will share the link in my reply)
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it! :)

www.hacefresko.com/posts/rce-on...
A very fancy way to obtain RCE on a Solr server
www.hacefresko.com
March 7, 2025 at 8:32 PM
Reposted by maitai
For this challenge, it was necessary to abuse a discrepancy between the DOM and the rendered page in Firefox's cache handling 💽

👉 bugzilla.mozilla.org/show_bug.cgi...

This allows shifting iframe rendering from one to another, leading to a sandbox bypass 🔥

👉 mizu.re/post/an-18-y...
March 2, 2025 at 5:14 PM
February 25, 2025 at 8:30 PM
Reposted by maitai
Bro is writing malware but also a Mad Max supervillain
February 15, 2025 at 6:00 PM
Reposted by maitai
AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post.
Data center, desktop, mobile and embedded processor products are affected:
www.amd.com/en/resources...
February 13, 2025 at 2:35 PM
Reposted by maitai
Happy Friday folks! Here is a throwback to our 2nd most popular research post of 2024, "Gaining kernel code execution on an MTE-enabled Pixel 8" by Man yue Mo github.blog/security/vul...
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulne...
github.blog
February 14, 2025 at 11:04 AM
Reposted by maitai
Can you get root with only a cigarette lighter?

(Yes!)

www.da.vidbuchanan.co.uk/blog/dram-em...
October 7, 2024 at 1:05 PM
Reposted by maitai
I keep coming across all these "pseudocode" examples on Wikipedia and in academic papers, and what I don't understand is why the authors can't just learn a real programming language
February 6, 2025 at 7:49 PM
Hype!
February 5, 2025 at 9:10 PM
Reposted by maitai
If you are interested in client-side hacking and browser quirks I strongly recommend going through this writeup by @maitai.bsky.social!
It was also cool to collab w/ him on the second chall 🤜🏿🤛🏻
blig.one/2024/11/29/f...
Flatt Security XSS Challenge - Writeup | maitai's blog
blig.one
November 30, 2024 at 6:20 AM
Reposted by maitai
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 4, 2025 at 3:02 PM