Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for CVE-2022-23529, it was presented as a remote code execution flaw (via JWT secret poisoning) in the `jwt.verify` method of one of the main Node.js packages for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...
Tags: Testing, Vulnerability, Guidance, data breach, information security, penetration testing, application security, professionally evil, Secure Ideas, hacking, best practices, cybersecurity, Privilege Escalation
Application Security 202: Vulnerabilities Accepted
vul·ner·a·bil·i·ty: The quality or state of being exposed to the possibility of being attacked or ...
Tags: Vulnerability, network, Secure Ideas, hacking, network security, Windows, scanning, methodology, how-to, Free
Quick Bites - Finding Open Windows File Shares
Hi there, ladies and gentlemen! My name is Aaron Moss, and welcome to the first edition of Quick ...
Tags: Vulnerability, developers, security, open source, information security, application security, hacking
Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown
Introduction: In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...