Honored to be nominated for the @portswigger.net Top 10 Web Hacking Techniques 2025 with my research "Playing with HTTP/2 CONNECT".
Make sure to check out the full list and cast your vote!
portswigger.net/polls/top-10...
blog.flomb.net/posts/http2c...
blog.flomb.net/posts/autotls/
blog.flomb.net/posts/tekton/
One-Click RCE in ASUS’s Preinstalled Driver Software
mrbruh.com/asusdriverhub/
Flomb
Incredibly excited to share that my research 'Playing with HTTP/2 CONNECT' made the final @portswigger.net
Top 10 Web Hacking Techniques of 2025!
A huge thank you to everyone who voted. It’s a privilege to be featured alongside such talented researchers.
portswigger.net/research/top...
We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net
Flomb
Just pushed a new frontend for my site, and a new post!
This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring:
jorianwoltjer.com/blog/p/resea...
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...
Flomb
Flomb
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and
internal assessments. The main purpose of the product is the centralized dis...
code-white.com
NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...
In HTTP/1, the CONNECT method instructs a proxy to establish a TCP tunnel to a requested target. Once the tunnel is up, the proxy blindly forwards raw traffic in both directions. This mechanism is mos...
I recently stumbled upon a great writeup which explained how it is possible to get a SSRF from SNI to hit the Azure VM Instance Metadata Service(IMDS). Inspired, I started scanning for this behaviour ...
This is the story of how I found two vulnerabilities in the Tekton CI/CD Dashboard component that allow remote code execution and a potential node takeover if deployed in read/write mode as well as pr...
Welcome to the community vote for the Top 10 Web Hacking Techniques of 2025.
portswigger.net
One-Click RCE in ASUS’s Preinstalled Driver Software Introduction This story begins with a conversation about new PC parts.
After ignoring the advice from my friend, I bought a new ASUS motherboard fo...
Disabling password authentication of your OBS WebSocket server can have devastating consequences. We'll attack from the browser to construct an RCE payload on Windows formed from the pixels of an imag...
