Real World - Pwning Tech

Real World

Real world related content are blogposts about real vulnerability research and exploit development that can be applied in a real environment - not capture flag environments. This can be helpful to readers so they can learn to apply their own skills outside of a capture the flag environment.

How I hacked IoT management apps: the story behind CVE-2022-46640

Have you ever wondered how secure desktop applications really are? Recently, we put one of them to the test and found some critical vulnerabilities such as unauthenticated Remote Code Execution (CVE-2022-46640), Local File Inclusion and Remote Wireless Reconfiguration which allowed us to remotely compromise the Windows desktop. In this blogpost,

How I hacked smart lights: the story behind CVE-2022-47758

In this blogpost, we take a closer look at our research regarding CVE-2022-47758: a critical vulnerability impacting a very large number of Internet of Things smart devices. We could leverage this vulnerability in the lamp's firmware for unauthenticated remote code execution on the entire device with the highest privileges and