Michal Válka, Oct. 14, 2022

Remote Code Execution in JXPath Library (CVE-2022-41852)

On 6th October 2022, a new CVE was released for a critical vulnerability with the identifier CVE-2022-41852. The vulnerability affects the Java library Apache Commons JXPath, which is used for processing XPath syntax. All versions, including the latest one, are affected.

Filip Zvařič, Sept. 22, 2020

Car Hacking Introduction

How to control a car remotely? Or, how to unlock a car without brute force? In this article, we will answer not only the questions above, but many others too. We will take a look at the systems in modern vehicles, attack vectors on vehicles and describe the principles of the most common types of attacks.

Michal Válka, Sept. 1, 2020

PEnetration TEsting Proxy (PETEP)

Capturing network communication based on the TCP protocol and modifying it by creating a specialized Man-in-the-Middle proxy is one of many practices used for searching for security flaws in network applications. In this article, we will focus on the use of the cross-platform open-source application PETEP for testing fat clients using TCP protocols and show a simplified attack procedure on a sample vulnerable application.

Michael Kupka, April 20, 2020

Akuvox – Intercom and Doorbell (IoT Case Study)

We are back with the next part in our series on the security of commonly available IoT devices. This time we will take a look, among other things, at a smart doorbell – can an attacker watch you through its camera? Will the bell open the front door even without a PIN? We tested the device literally "through and through". Come and take a look.