Archive - Calif

CVE-2024-10382: Arbitrary code execution in Android Auto and various apps

(Pending disclosure)

Dec 18 •

November 2024

What we do when we aren't hacking you

In my last year as a teenager, I worked as an IT assistant for Mr.

Nov 30 •

September 2024

Building new hospitals in Vietnam

Two years ago, when a close friend of the family (let's call him D) was sick, I took him to tour the hospitals in Saigon.

Sep 20 •

August 2024

Wormable Substack XSS

We found a stored Cross-Site Scripting (XSS) vulnerability in Substack.

Aug 12 •

July 2024

Type confusion attacks in ProseMirror editors

Jul 16 •

May 2024

Dissecting LockBit v3 ransomware

We analyzed a variant of LockBit v3 ransomware, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a…

May 2 •

,

, and

April 2024

Ransomware Response Strategy

Apr 11 •

March 2024

Microsoft Exchange 2010 Arbitrary User Impersonation

Microsoft Exchange is one of the most critical assets in any organization.

Mar 5 •

February 2024

January 2024

During a recent engagement, we exploited CSRF to take over Argo CD and get Kubernetes cluster admin privileges.

Jan 10 •

December 2023

Improving AI Safety with Red Teaming

We had the honor to join many esteemed speakers at AI Day 2023 to talk about improving AI safety with red teaming.

Dec 7, 2023 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts