07 Nov 2023
This blog post gives details about the GHSA-v3xf-c9qf-j667 vulnerability (for which GitHub issued CVE-2023-42451) and how it could be exploited. It is the second out of the 2 vulnerabilities that I reported to the Mastodon security team in August 2023 (more context can be found in the first blog post).
12 Oct 2023
I contacted the Mastodon security team in August 2023 to report 2 vulnerabilities in Mastodon itself, the software running a self-hosted, globally interconnected microblogging community.
27 Apr 2023
This blog post explains how a quick but working solution was built to automatically generate subtitles and transcripts from audio and video files. As a bonus, a simple web interface is available for non-tech-savvy users. The source code of the project can be found on github.com/scumjr/highball. Cheers!
28 Nov 2016
Writing reports in LaTeX is painful. However, it’s a great occasion to bring joy to the office and pwn a coworker’s laptop while he’s kindly proofreading your pentest report.
10 Jan 2016
In 2014, @coreykal, @xenokovah, @jwbutterworth3 and @ssc0rnwell gave a talk entitled Extreme Privilege Escalation on Windows 8/UEFI Systems at Black Hat USA. They introduced the idea of an SMM rootkit called The Watcher (slides 57 to 63). To sum it up: