And smalidea-ng gets initial renaming support 👍!

Looking so much forward to have a lot of time soon to work on exciting projects I always wanted to work on full-time 😎🍀

smalidea-ng now supports line mapping between Smali and Java thanks to JADX. This also works while debugging of Smali code.

And finally smalidea-ng gets initial decompiler support (thanks to @Skylot for JADX). Still some work ahead👍

Super cool potential ASLR leak involving dictionary hashes! googleprojectzero.blogspot.com/2025/09/poin...

smalidea-ng: The moment your method references are indexed and your call-hierarchy returns within a second.

Arrived in Berlin for @offensivecon.bsky.social. Don’t be shy and say hi! Looking forward to meet old and new friends👍

After many hours of development my Smalidea fork supports:
- parameters and variables with type information
- conditional breakpoints
- change parameters and variables via "expression" or "setValue". Quite happy with the results 😀

3. Parameters and Variables in Debug View 😍

I guess I'm the only single person working on an IntelliJ plugin using Eclipse😀

2. Type Hierarchy

Look Mom, smalidea (github.com/JesusFreke/s...) has new features: 1. Call-Hierarchy

Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS I recently joined watchTowr, and it is, therefore, time - time for my first watchTowr Labs blogpost, previously teased in a tweet of a pre-auth RCE chain affecting some ‘unknown software’. Joining th...

My first watchTowr post is out! It was my first take on a CMS solution and I was able to get some interesting pre-auth RCE chains on Kentico Xperience. 😎

labs.watchtowr.com/bypassing-au...

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).

github.blog/security/sig...

Finally had some time to put together a new blog post. It’s not groundbreaking, but it could still be interesting if you're into application security.

I tried VSC Java debugging once and immediately gave up. Debugging Ghidra with Eclipse works perfectly. And probably IDEA as well.

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

Congrats 👏 🎉 Looking forward to the upcoming RCEs😎

I'm happy to announce that I have recently joined watchTowr as a Principal Vulnerability Researcher. The break is over, it's time to do some new research 🫡

Congrats! All the best 🥳

Thx!

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

👍 and Hi :-)