I came across this advisory from ZyXEL, and it seemed a good candidate for an evening's patch diffing.
"The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated
PortSwigger recently released their declarative scan language for Burp, which allows you to rapidly write active and passive scanner checks, called BChecks.
It kind of is reminding me a bit of as if
After seeing this tweet by Craig, and remembering that you can just bruteforce hashed known_hosts entries with Hashcat or similar, I was having my morning dose of wakey wakey stuff and had
I’ve tried to write this review more than once, and constantly lost the draft before publishing, so this is a one-sitting attempt given that I recently reread the book. I'll try
Firstly, I didn't come up with this trick - I also can't remember who did, it's been rattling around my brainhole for a while. I figured I'd