Posts
Plundering Postman with Porch Pirate
Discover how we responsibly disclosed active secrets to some of Canada's largest Internet Service Providers, and the Postman tooling we built along the way.
By Dominik Penner & Jake Bolam
Maltego XXE Analysis
Dominik Penner discovered that Maltego versions 4.2.11 and below are vulnerable to XML external entity (XXE) injection via processing of MTZ (config) and MTGL (graph) files.
By Dominik Penner
The Year of Linux on the Desktop
Analysis of CVE-2019-14744, a command injection vulnerability discovered in KDE Frameworks' KConfig class affecting versions below 5.61.0.
By Dominik Penner
Axway SecureTransport 5.x XML Injection / XXE
Discovery and analysis of an unauthenticated blind XML injection and XXE vulnerability in Axway SecureTransport 5.0-5.3.
By Dominik Penner
Fun With Custom URI Schemes
A look at how custom URI schemes can be used to reach and trigger underlying vulnerabilities in applications.
By Dominik Penner
A Questionable Journey From XSS to RCE
A vulnerability chain in EA's Origin Client that escalated from content injection to remote code execution through template injection and XSS.
By Dominik Penner