Zoom Zero Day Followup: Getting the RCE

Last week, Jonathan Leitschuch wrote an excellent blog post covering the vulnerabilities within Zoom’s Mac client. Jonathan’s research was independent of ours, and since the vulnerabilities are now patched, we wanted to disclose a remote code execution with the same root cause, and share our story of coming across the initial privacy issue and escalating it into something much worse.

Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos

Discovering a zero day and getting code execution on Mozilla's AWS Network

When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for is instances of WebPageTest. WebPageTest is a website performance testing tool that lets you test network-related metrics for any given URL/host.

Gaining access to Uber's user data through AMPScript evaluation

Modern development and infrastructure management practices are fast-paced and constantly evolving. In the race to innovate and expand, new assets are being deployed and exposed to the public Internet rapidly, and existing assets are continuously evolving.