flomb - @fl0mb.bsky.social
@flomb_
Published my write-up regarding two vulnerabilities in the Tekton Dashboard. blog.flomb.net/posts/tekton/
form-action Content Security Policy Bypass This bypass can help you turn those unexploitable XSS bugs into exploitable vulnerabilities. nzt-48.org/form-action-co…
It's been a while since I last had a personal blog. Created a new one and we start off with a pretty cool chain. "Developing a Docker 1-Click RCE chain for fun" m0z.ie/research/2025-…
Escaping the Chrome Sandbox Through DevTools ading.dev/blog/posts/chr…
Here is a really cool blog post by wasamasa, who is a past student of our FSWA class: emacsninja.com/posts/cve-2025…. You can find them on Mastodon: lonely.town/@wasamasa/
"Funky chunks: abusing ambiguous chunk line terminators for request smuggling" - quality research by @__w4ke! Also thankfully it doesn't overlap with my upcoming presentation 😅 w4ke.info/2025/06/18/fun…
A quick-and-dirty late night blog post on discovering an nday variant in Zyxel NWA50AX Pro devices frycos.github.io/vulns4free/202…
Three unexpected attack scenarios: 1. Marshaling private data with misconfigured tags 2. Parser differentials in a microservices architecture 3. Cross-format confusion attacks (JSON→XML) blog.trailofbits.com/2025/06/17/une…
One-Click RCE in ASUS’s Preinstalled Driver Software mrbruh.com/asusdriverhub/
Here is a short writeup for my recently discovered CVE: hesec.de/posts/cve-2025…
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
My blog post on some vulns in GFI MailEssentials frycos.github.io/vulns4free/202…
badoption.eu/blog/2025/04/2… Did you know that it is quite easy to spoof commit authors and contributors on GitHub? And some other things are also handled in the blog post. Feedback is welcome :)
Did you know that PW "encryption" for ZIP files has some room for improvement and can be circumvented in some cases? Not new, but seems to be a lesser-known technique. Made a small write-up for this. badoption.eu/blog/2025/04/0…
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudyPB's blog. Don’t blacklist, replace BinaryFormatter.
@hellofreshde, why can't you manage, after more than 2 months and countless support requests, to set the billing address correctly? Why can't customers just do that themselves, like in any normal ordering app? Unfortunately, your support team is also only as good as far as you can throw them.
Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to @CISACyber. Details at code-white.com/public-vulnera…
A blog post with the technical details of my @hexacon_fr talk is now live. Thank you all for the positive feedback on the talk :)
From HTTP request to ROP chain in Node.js! 🔥 Our latest blog post explains how to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only: sonarsource.com/blog/why-code-…
BeanBeat has been acquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking