Secfault Security GmbH

We recently did some internal research and took a look at the JavaScript runtime Deno. We found a couple of interesting bypasses for their permission system. If you'd like to learn more, please feel free to check out our blogpost at https://t.co/worNH0qJ4G.

We've taken (another) look at the OpenOlat learning management solution and found an XXE issue, which can be turned into an arbitrary file read and an SSRF problem. In case you're interested, make sure to read our blog post at https://t.co/iJmS8VPtR3!

We recently decided to take a look at LibreOffice, and found an (almost) arbitrary file write issue, which is now public (CVE-2023-1183). If you're interested, check out https://t.co/aRQta0XrHM for details :)

Last year we did a number of projects for AgileBits, focusing on the 1Password ecosystem. The reports have now been made public, so in case you're interested to get an impression feel free to check https://t.co/rbWpdIWUuX.

As one of our internal research projects, we've recently taken a look at some self-powered wireless 433MHz light switches, particularly on reverse-engineering the used radio protocol and building a custom receiver. If you're interested, make sure to check https://t.co/tmBj1sG8ix.

We have recently conducted a review of the 1Password developer tools. Our report is now public, so please feel free to check it out: https://t.co/KQvudlUFdH

Some time ago, we've had a look at the F*EX file exchange solution (https://t.co/UdW40fsXJL), and found a pre-auth RCE. We now published a small write-up on this: https://t.co/x47OUrOUcM

All applications for the Pro-bono Pentests for COVID-19-related Apps & Software have been reviewed and the committee has chosen the winners. More info to follow soon 🙂

Today is the last day to apply for a FREE pentest on your application that helps fight COVID-19! Since the closure of schools requires good tools for educational learning, we would love to see last minute submissions from this field.