Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    What happened to CVE-2022-23529? And what can we learn from it?
    If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a remote code execution flaw (via JWT secret poisoning) in the `jwt.verify` method of a main Node.js package for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...

    Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown
    Introduction: In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...
    ViewState XSS: What's the Deal?
      As penetration testers, there are many different technologies that we have to be familiar with.  ...
    How to Setup RatProxy on Windows
      In an effort to help developers and other Windows users get started adding security testing into ...