Skip to main content
HDWSec
Home

Blog & resources

Analysis, feedback and technical resources from the HDW Sec team.

Audit de sécurité d'une banque en ligne : SQL Injection, OTP Bypass et IDOR
Pentest 8 min read

Audit de sécurité d'une banque en ligne : SQL Injection, OTP Bypass et IDOR

Découvrez comment nous avons identifié plusieurs vulnérabilités critiques lors de l'audit d'une banque en ligne, incluant SQL Injection, contournement 2FA et IDOR.

Read article
Netskope Client Service Local Privilege Escalation
R&D 8 min read

Netskope Client Service Local Privilege Escalation

Local privilege escalation vulnerability in Netskope Client Service allowing USER to SYSTEM escalation through chained vulnerabilities.

Read article
Netgear Nighthawk R7000P UPnP Buffer Overflow Remote Code Execution
R&D 6 min read

Netgear Nighthawk R7000P UPnP Buffer Overflow Remote Code Execution

Critical stack buffer overflow vulnerability in Netgear UPnP daemon allowing remote code execution without authentication from WAN or LAN.

Read article
Netgear Nighthawk R7000P aws_json Unauthenticated Double Stack Overflow Vulnerability
R&D 6 min read

Netgear Nighthawk R7000P aws_json Unauthenticated Double Stack Overflow Vulnerability

Pre-authentication remote code execution vulnerability in Netgear Nighthawk R7000P aws_json binary — double stack buffer overflow exploitable from WAN without authentication.

Read article
Local Skype Security Flaw
R&D 5 min read

Local Skype Security Flaw

Discovery of a local security vulnerability in Skype for macOS allowing unsigned shared library injection.

Read article
Applied high-speed in-process fuzzing: the case of Foxit Reader
R&D 7 min read

Applied high-speed in-process fuzzing: the case of Foxit Reader

High-speed in-process fuzzing method applied to Foxit Reader to discover vulnerabilities in the ConvertToPDF_x86 plugin.

Read article
[MS15-010 / CVE-2015-0057] Exploitation
R&D 10 min read

[MS15-010 / CVE-2015-0057] Exploitation

Exploitation of CVE-2015-0057, a local privilege escalation vulnerability in win32k on Windows.

Read article
[CVE-2014-0322] "Snowman" exploit
R&D 10 min read

[CVE-2014-0322] "Snowman" exploit

Analysis and exploitation of CVE-2014-0322, a critical use-after-free vulnerability in Internet Explorer 10 discovered during Operation Snowman.

Read article
0day - MuPDF: Stack-based Buffer Overflow in xps_parse_color()
R&D 10 min read

0day - MuPDF: Stack-based Buffer Overflow in xps_parse_color()

Discovery of a 0-day vulnerability in MuPDF allowing remote code execution via a stack-based buffer overflow in xps_parse_color().

Read article

A question about your security?

Our experts are available to assess your risk exposure and provide a tailored response.

Talk to an expert