It was May 2024, and our internal security team was evaluating the LogPoint SIEM/SOAR platform to replace our existing platform, potentially. As part of a habit I’ve built over the years —and honestly, part of our 3rd party due diligence— I gave myself 24 hours to do what I always do with any technology we’re about to trust: try to break it.
Read the story0day advisory authentication cve cyber django exploit hacking logpoint metasploit middleware product security vulnerability
-
Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)
It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market. And that’s where the story has begun…
(more…) -
The Chessboard of Security: Insights on Product Development and Vulnerabilities from a Hacker Perspective
I was playing a quick game of chess while waiting for my coffee this morning. I had the white pieces and, as always, was eager to make the most of my first-move advantage. Early in the game, I pushed a center pawn forward aggressively, hoping to gain more control of the board. But soon, I realized that this overextended pawn is going to be vulnerable! To protect it, I had to pull my knight back, sacrificing some of my momentum. Despite having the upper hand initially, I ended up settling for a draw.
(more…) -
Digital Cosmos: A Journey Through the Galaxy of Vulnerabilities
Whenever I ponder the vastness of space and our limited ability to observe only the Milky Way, I am utterly fascinated. It took us thirty years to position the James Webb Telescope at the Lagrange point (L2), offering us a mere glimpse into events that unfolded millions of years ago.
(more…) -
Vesta Control Panel Second Order Remote Code Execution 0day Step-by-Step Analysis
I believe that doing a security research is all about trying to understand high-level of architecture of the products and finding a creative attack vectors.
I hope this blog post will show some the readers how to start doing security research.
(more…) -
Why Secure Design Matters ? Secure Approach to Session Validation on Modern Frameworks (Django Solution)
I’ve been doing security researches on softwares for a quite long time. During these researchs, I often find myself in a situation where in I think about the state of mind of developers, problems that occur during developments and core problems of nature of software crafting teams. Thinking about these questions always lead me to realize possible software bugs.
(more…) -
CVE-2018-20323 | MailCleaner Community Edition Remote Code Execution
In this article, I would like to share a remote code execution vulnerability details of MailCleaner Community Edition product.
(more…)










