Research Worth Reading Week 37/2024

This week, we are publishing a list of research worth reading! Make sure you check it out!

❤️ We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

If you only have time to read one article this week, make it this one: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI.

🐍 White-box penetration testing: Debugging for Python vulnerabilities

This is actually one of the things we teach in our Web Security Code Review Training: how to debug applications in Python (we also do it in Ruby): White-box penetration testing: Debugging for Python vulnerabilities.

📚 Friends don’t let friends reuse nonces

A great article on nonce reuse, with visual representations of the issue, from the team at Trail of Bits: Friends don’t let friends reuse nonces.

🧛 Defend against vampires with 10 gbps network encryption

Another great article from the team at Synacktiv: Defend against vampires with 10 gbps network encryption.

📖 Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

What happens when typosquatting meets GitHub Actions? Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions.

👉 AppSec eZine #552

AppSec eZine is back with issue #552.

Written by PentesterLab
The platform to learn web hacking and security code review