Posts tagged 'Bounty Podcast'

233 - Spoofing Emails, PandoraFMS, and Keycloak

Kicking off 2024 with a longer episode as we talk about some auditing desktop applications (in the context of some bad reports to Edge). Then we've got a couple fun issues with a client-side path traversal, and a information disclosure due to a HTTP 307 redirect. A bunch of issues in PandoraFSM, and finally some research about parser differentials in SMTP leading to SMTP smuggling (for effective email spoofing).
 
1
2
3
4
5
6
7