In the security release of 11th Jan 2024, GitLab patched a critical vulnerability, “Account Takeover via Password Reset without user interactions”, for which CVE-2023-7028 was assigned.
This looked interesting, so we decided to look into the issue and the patch. This was our first time setting up the environment and looking into the GitLab codebase.
Here is an overview of a command injection vulnerability in the GitHub CopilotForXcode extension and the original intitni extension from which it was forked:
I was assigned the task of reviewing the high-level functionality of the GitHub CopilotForXcode plugin, as GitHub launched support for the Copilot extension in Xcode, similar to Copilot Chat extension in Visual Studio Code.
Manual Source Code Review of WordPress Plugins
You can watch the presentation here: Manual Source Code Review on WordPress Plugins
Introduction
WordPress plugins are packages of code that can be added to a WordPress website to extend its functionality. They are designed to enhance the core features of WordPress.
How I passed OSWE
Background
Currently, I work as a security consultant at Payatu, primarily focusing on web penetration testing and source code review. I also have around 2 years of experience in development, mainly in Spring/Java. Given my background in both development and security, I thought OSWE would be a good choice.
Hi there!
This blog contains the write-up for 2 Electron source code challenges and 1 Android challenge that I created for Winja CTF for the Nullcon Goa event.
This is the vague write-up. I will update it soon.
Android Challenge
Bypass the root detection and emulator check, if you are using any of these. Host one HTML file with the below code:
<html> <body> <script type="text/javascript"> app.