GL.iNet Multiple Vulnerabilities

Advisory about Remote Command Execution and Arbitrary File Write vulnerabilities found on GL.iNet routers.

Released IIS Tilde Enumeration Scanner 2.0 for HackInBo security conference

On the occasion of the HackInBo security conference, where I will talk about IIS Tilde Enumeration, I released version 2.0 of the Burp extension, which completely refactors the code, fixes a lot of bugs and adds some nice features.

Published IIS Tilde Enumeration Scanner Burp Suite extension

Released the first version of the IIS Tilde Enumeration Scanner: a Burp Suite extension to detect and exploit this mysterious vulnerability that affected even portswigger.net!

Introducing badmoodle: a Moodle community-based vulnerability scanner

Introducing badmoodle: an unofficial community-based vulnerability scanner for Moodle that scans for canonical and non-canonical Moodle vulnerabilities.

Yellowfin Multiple Vulnerabilities

Advisory about Stored Cross-Site Scripting and Insecure Direct Object References vulnerabilities found on Yellowfin.

Tiny File Manager Multiple Vulnerabilities

Advisory about Path Traversal Recursive Directory Listing and Arbitrary File Copy vulnerabilities found on Tiny File Manager.