
CLOAKED Labs

Technical posts on IT security

CVE-2021-26415

I’d like to share the details of the CVE-2021-26415 (CVSSv3.0: 7.8) vulnerability that was patched on 2021-04-13. I found this bug somewhere around October 2020 and worked with Trend Micro’s Zero Day Initiative to report it to Microsoft.

The gallery of HTTP headers

While learning Golang and working on some first experiments, I started a little side-project: a tool to download HTTP headers of the most popular webpages. It would store them in a database, and do some analysis work.

Bug Tales: deserialization meets squatting

Background: The issue I’m about to describe was reported as part of a public bug bounty program. It was reported, a bounty was granted, and the issue is now fixed. However, the vendor did not agree to disclose the issue, therefore I will not name the vendor or product.
