Menu

Close
  • Home
  • XFIL
  • AppSec
  • Home
Subscribe

Scroll Down
Page 1 of 4 Older Posts →

Remote Code Execution by Abusing Apache Spark SQL

While performing a security assessment for an application, there was interesting functionality that allowed users to execute arbitrary Spark SQL queries over analytics data. Vulnerability The »

Colin McQueen 24 October 2022

Privilege Escalation to Moderator using Email Aliases

On a recent assessment, I discovered an interesting vulnerability in a Firebase application that allowed me to create a second password for another user giving me »

Colin McQueen 04 August 2022

Blind Remote Code Execution through YAML Deserialization

While performing an application security assessment on a Ruby on Rails project, I discovered upload functionality that allowed users to upload text, CSV, and YAML files. »

Colin McQueen 09 June 2021

Amazon Web Services Core Assessment Playbook & Questionnaire

Stratum performs an ever-increasing number of AWS security assessments for our customers from large to small. These deep-dive assessments help identify deficiencies within the customer's AWS »

Trevor Hawthorn 08 July 2020

Early Lessons from the Capital One Data Breach

As more details about the Capital One breach are released in court filings [https://www.scribd.com/document/420164056/Paige-Thompson-Criminal-Complaint] and media reporting, we can start »

Jared Perry 31 July 2019
Page 1 of 4 Older Posts →
© 2022
Proudly published with Ghost
Stratum