This post is largely my notes from getting all this working, you hopefully can follow along at home. This is part of the "Supporting/Reference Material" I'm publishing in

I came across this advisory from ZyXEL, and it seemed a good candidate for an evenings patch diffing. "The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated

Portswigger recently released their declarative scan language for Burp, which allows you to rapidly write active and passive scanner checks, called BChecks. It kind of is reminding me a bit of as if

After seeing this tweet by Craig, and remembering that you can just bruteforce hashed known_hosts entries with Hashcat or similar, I was having my morning dose of wakey wakey stuff and had

I’ve tried write this review more than once, and constantly lost the draft before publishing, so this is a one-sitting attempt given that I recently reread the book. I'll try