Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for CVE-2022-23529, it was presented as a remote code execution flaw (via JWT secret poisoning) in the `jwt.verify` method of one of the main Node.js packages for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...
Testing | Vulnerability | Guidance | data breach | information security | penetration testing | application security | professionally evil | Secure Ideas | hacking | best practices | cybersecurity | Privilege Escalation
Application Security 202: Vulnerabilities Accepted
vul·ner·a·bil·i·ty: The quality or state of being exposed to the possibility of being attacked or ...
Vulnerability | network | Secure Ideas | hacking | network security | Windows | scanning | methodology | how-to | Free
Quick Bites - Finding Open Windows File Shares
Hi there, ladies and gentlemen! My name is Aaron Moss, and welcome to the first edition of Quick ...
Vulnerability | developers | security | open source | information security | application security | hacking
Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown
Introduction: In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...