Imre RadGitHub Enterprise Server vulnsThis is the follow up of my previous write up titled GitHub Bug bounty experiences: actions and CLI. I kept looking for GitHub…15 min read·Feb 16, 2024----
Imre RadGithub bug bounty experiences — Actions and CLIGithub bug bounty program has celebrated its 9th birth day recently and I decided to try myself in that space.9 min read·Sep 7, 2023----
Imre RadDVB-D (DVB over DLNA)Disclaimer: the project I’m outlining here, is highly experimental —kind of a PoC. Also, DVB-D is not a consortium standard for broadcast…3 min read·Apr 13, 2023----
Imre RadClipboard hazard with Google SheetsThis is an advisory about an interesting attack vector against Google Sheets that abuses embedded Sheets documents to exfiltrate content…2 min read·Mar 25, 2022----
Imre RadThe Speckle Umbrella story — part 2Back then in January, I reported a vulnerability to Google that let me spawn a remote shell on Cloud SQL instances, both MySQL and…18 min read·Oct 18, 2021----
Imre RadGoogle Cloud Build — under the hoodThis story began shortly after I published an advisory about a DHCP related flaw that affected Google’s Compute Engine. Dávid Schütz…11 min read·Sep 1, 2021----
Imre RadThe Nomulus riftIn the middle of 2020, I decided to look for vulnerabilities in some open source products of Google. They have many such projects, a public…6 min read·Aug 24, 2021----
Imre RadDropping a shell in Google’s Cloud SQL (the speckle-umbrella story)Intro17 min read·Feb 16, 2021----
Imre RadThe trouble with Microsoft’s TroubleshootersAn unpatched vulnerability in Microsoft’s Troubleshooting technology8 min read·Jan 15, 2020----