Archive - Calif

New

US Offsite Summer 2023

This summer, Team Calif in Vietnam went to the US to visit the company's "headquarters". Company policy allowed anyone to go, but because getting a visa…

Oct 18 •

September 2023

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web—and beyond. You have a ton of options when it comes to…

Sep 14 •

July 2023

Reproducing CVE-2023-38646: Metabase Pre-auth RCE

By Duc Nguyen and Jang Nguyen

Jul 27

April 2023

Redash SAML Authentication Bypass

Redash is a popular data analysis and visualization tool. We recently reported a critical SAML authentication bypass vulnerability affecting it latest…

Apr 28 •

,

, and

Privilege escalation in AWS Elastic Kubernetes Service

The team recently encountered an interesting scenario where we were trying to escalate privileges from a compromised pod in AWS Elastic Kubernetes…

Apr 2 •

and

Fantastic Crypto Bugs and Where to Find Them

I was invited to present at the Open Source Cryptography Workshop, part of Real World Crypto 2023 in Tokyo. The organizers proposed that I demonstrate…

Apr 1 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts