Calif
Subscribe
Sign in
Home
Visit Calif
Archive
About
Latest
Top
Discussions
Wormable Substack XSS
We found a stored Cross-Site Scripting (XSS) vulnerability in Substack.
Aug 12
•
Khanh
13
Share this post
Wormable Substack XSS
blog.calif.io
Copy link
Facebook
Email
Note
Other
July 2024
Type confusion attacks in ProseMirror editors
Summary
Jul 16
•
Khanh
10
Share this post
Type confusion attacks in ProseMirror editors
blog.calif.io
Copy link
Facebook
Email
Note
Other
May 2024
Dissecting LockBit v3 ransomware
We analyzed a variant of LockBit v3 ransomware, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a…
May 2
•
Nhân Huỳnh
,
Hoang Nguyen
, and
Thai Duong
36
Share this post
Dissecting LockBit v3 ransomware
blog.calif.io
Copy link
Facebook
Email
Note
Other
1
April 2024
Ransomware Response Strategy
Summary
Apr 11
•
Nhân Huỳnh
25
Share this post
Ransomware Response Strategy
blog.calif.io
Copy link
Facebook
Email
Note
Other
March 2024
Microsoft Exchange 2010 Arbitrary User Impersonation
Microsoft Exchange is one of the most critical assets in any organization.
Mar 5
•
Khanh
13
Share this post
Microsoft Exchange 2010 Arbitrary User Impersonation
blog.calif.io
Copy link
Facebook
Email
Note
Other
1
February 2024
A trip to the White House
Two days before the Lunar New Year 2024, I went to the White House to meet with representatives of the National Security Council (NSC) to discuss…
Feb 11
•
Calif
11
Share this post
A trip to the White House
blog.calif.io
Copy link
Facebook
Email
Note
Other
1
A letter from Thai
It's 4am.
Feb 1
•
Calif
9
Share this post
A letter from Thai
blog.calif.io
Copy link
Facebook
Email
Note
Other
January 2024
Argo CD CSRF
During a recent engagement, we exploited CSRF to take over Argo CD and get Kubernetes cluster admin privileges.
Jan 10
•
An Trinh
6
Share this post
Argo CD CSRF
blog.calif.io
Copy link
Facebook
Email
Note
Other
December 2023
Improving AI Safety with Red Teaming
We had the honor to join many esteemed speakers at AI Day 2023 to talk about improving AI safety with red teaming.
Dec 7, 2023
•
Calif
3
Share this post
Improving AI Safety with Red Teaming
blog.calif.io
Copy link
Facebook
Email
Note
Other
October 2023
US Offsite Summer 2023
This summer, Team Calif in Vietnam went to the US to visit the company's "headquarters".
Oct 18, 2023
•
Calif
9
Share this post
US Offsite Summer 2023
blog.calif.io
Copy link
Facebook
Email
Note
Other
1
September 2023
CraftCMS RCE
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web—and beyond.
Sep 14, 2023
•
Thanh
11
Share this post
CraftCMS RCE
blog.calif.io
Copy link
Facebook
Email
Note
Other
July 2023
Reproducing CVE-2023-38646: Metabase Pre-auth RCE
By Duc Nguyen and Jang Nguyen
Jul 27, 2023
10
Share this post
Reproducing CVE-2023-38646: Metabase Pre-auth RCE
blog.calif.io
Copy link
Facebook
Email
Note
Other
1
Share
Copy link
Facebook
Email
Note
Other
This site requires JavaScript to run correctly. Please
turn on JavaScript
or unblock scripts