Advertisement · 728 × 90

Posts by Flomb

Preview
Top 10 web hacking techniques of 2025 Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

Incredibly excited to share that my research 'Playing with HTTP/2 CONNECT' made the final @portswigger.net
Top 10 Web Hacking Techniques of 2025!

A huge thank you to everyone who voted. It’s a privilege to be featured alongside such talented researchers.
portswigger.net/research/top...

2 months ago 4 0 0 1
Preview
CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...

You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...

2 months ago 7 9 0 1
Preview
Top 10 web hacking techniques of 2025 Welcome to the community vote for the Top 10 Web Hacking Techniques of 2025.

Honored to be nominated for the @portswigger.net Top 10 Web Hacking Techniques 2025 with my research "Playing with HTTP/2 CONNECT".

Make sure to check out the full list and cast your vote!

portswigger.net/polls/top-10...

3 months ago 0 0 0 0
TIL: SNI-Based Auto Certificate Generation Is a Thing I recently stumbled upon a great writeup which explained how it is possible to get a SSRF from SNI to hit the Azure VM Instance Metadata Service(IMDS). Inspired, I started scanning for this behaviour ...

blog.flomb.net/posts/autotls/

3 months ago 0 0 0 0
Tekton Dashboard RCE and Kubernetes API Proxy This is the story of how I found two vulnerabilities in the Tekton CI/CD Dashboard component that allow remote code execution and a potential node takeover if deployed in read/write mode as well as pr...

blog.flomb.net/posts/tekton/

3 months ago 0 0 0 0
Playing with HTTP/2 CONNECT In HTTP/1, the CONNECT method instructs a proxy to establish a TCP tunnel to a requested target. Once the tunnel is up, the proxy blindly forwards raw traffic in both directions. This mechanism is mos...

blog.flomb.net/posts/http2c...

7 months ago 0 0 0 0
Preview
FAUST CTF 2025 | FAUST CTF 2025 FAUST CTF 2025 is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg

We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net

7 months ago 7 6 0 0
Preview
OBS WebSocket to RCE | Jorian Woltjer Disabling password authentication of your OBS WebSocket server can have devastating consequences. We'll attack from the browser to construct an RCE payload on Windows formed from the pixels of an imag...

Just pushed a new frontend for my site, and a new post!
This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring:
jorianwoltjer.com/blog/p/resea...

10 months ago 5 2 1 0
MrBruh's Epic Blog One-Click RCE in ASUS’s Preinstalled Driver Software Introduction This story begins with a conversation about new PC parts. After ignoring the advice from my friend, I bought a new ASUS motherboard fo...

One-Click RCE in ASUS’s Preinstalled Driver Software
mrbruh.com/asusdriverhub/

11 months ago 6 4 0 0
Advertisement
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...

11 months ago 8 8 0 1
GFI MailEssentials - Yet Another .NET Target What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.

My blog post on some vulns in GFI MailEssentials

frycos.github.io/vulns4free/2...

11 months ago 7 7 0 0
Exploiting IngressNightmare: A Deep Dive Wiz recently discovered an unauthenticated remote code execution (RCE) vulnerability in the Ingress NGINX admission controller. I found the exploit chain particularly intriguing and decided to recreat...

blog.flomb.net/posts/ingres...

1 year ago 5 3 0 0
Walkthrough 2023

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/...

1 year ago 7 10 0 0