web IDOR with MongoDB: understanding ObjectID Given their complex appearance, some would think that exploiting IDOR based on MongoDB's ObjectID would be difficult. This is not the case, as the ObjectID is not random.
hardware Dumping a SLC NAND Flash with Atmel PMECC Dumping a NAND flash memory can be tricky, especially with proprietary ECC. Here we dump an SLC NAND flash with PMECC correction.
wordpress Discovery of WordPress websites using wp-json WordPress has exposed a new REST API since version 4.7. This API can be exploited to retrieve potentially confidential information.
web Account enumeration on web applications Why a generic message to prevent user enumeration is an acceptable user experience degradation to improve security.