Recent News

Breaking PHP’s Garbage Collection and Unserialize

Breaking PHP’s Garbage Collection and Unserialize

Category: Security Research - July 25, 2016 - 2 Comments

Hey PHP, those variables look like garbage don’t you agree? No? Well look again…   tl;dr: We have found two use-after-free vulnerabilities in PHP’s garbage collection algorithm: One vulnerability affecting all PHP 5 versions [...]

How we broke PHP, hacked Pornhub and earned $20,000

How we broke PHP, hacked Pornhub and earned $20,000

Category: Bug Bounties - July 23, 2016 - 32 Comments

It all started by auditing Pornhub, then PHP and ended in breaking both…   tl;dr: We have gained remote code execution on pornhub.com and have earned a $20,000 bug bounty on Hackerone. We have [...]

Fuzzing Unserialize

Fuzzing Unserialize

Category: Security Research - July 23, 2016 - 7 Comments

While auditing Pornhub we have stumbled across several pages where user input was evaluated by unserialize and the result was reflected back to the page. After enumerating class names from known frameworks and testing [...]

Non-root GPU passthrough setup

Non-root GPU passthrough setup

Category: Guides - February 08, 2016 - 34 Comments

If you want to use Linux as your main operating system and don’t want to do compromises like using a dual-boot solution with Windows there is an alternative called GPU passthrough. You basically pass [...]

TeamSpeak 2 Session Hijacking

TeamSpeak 2 Session Hijacking

Category: Cryptography - August 14, 2014 - (0) comments

Hey folks, today I write about a (probably unknown) TeamSpeak 2 session hijacking vulnerability. TeamSpeak 2 is a voice-over-Internet Protocol (VoIP) software that was written in Delphi. Although there is already a newer version [...]