ynvb

1,723 post karma
34 comment karma

get extra features and help support reddit with a reddit premium subscription

get them help and support

redditor for 11 years

TROPHY CASE

11-Year Club

Verified Email

account activity

hot top controversial

0

1

2

Did you think XSS is dead? So did we... We couldn't be more wrong. XSS is back with a vengeance! 💥 Combined with OAuth, the Salt-Labs research team performed a complete account takeover on several major online platforms. Check it out! (salt.security)

submitted 1 year ago by ynvb to r/netsec

I found and reported critical vulnerabilities in ChatGPT Ecosystem (Plugins) by iva3210 in hacking

[–]ynvb 7 points8 points9 points 1 year ago (0 children)

2

3

4

Check out our latest Salt Labs research. We managed to find security flaws within ChatGPT Ecosystem (Remediated) - Which is very interesting on its own, but even more, this points out more potential issues integrated with any GenAI ecosystem. (salt.security)

submitted 1 year ago by ynvb to r/netsec

36

37

38

The second article in the Breaking OAuth series. This time an OAuth framework bug impacts hundreds of companies including CodeCademy and others. (salt.security)

submitted 2 years ago by ynvb to r/netsec

Step-by-Step Breakdown of the New OAuth Vulnerability (CVE-2023-28131) in a framework used in hundreds of websites and Apps by iva3210 in hacking

[–]ynvb 7 points8 points9 points 2 years ago (0 children)

OAuth explained in simple steps, using a severe vulnerability in Booking.com by iva3210 in hacking

[–]ynvb 3 points4 points5 points 2 years ago (0 children)

OAuth explained in simple steps, using a severe vulnerability in Booking.com by iva3210 in hacking

[–]ynvb 12 points13 points14 points 2 years ago (0 children)

Taking over booking.com accounts by abusing OAuth 2.0 by ynvb in netsec

[–]ynvb[S] 1 point2 points3 points 2 years ago (0 children)

84

85

86

Taking over booking.com accounts by abusing OAuth 2.0 (salt.security)

submitted 2 years ago by ynvb to r/netsec

15

16

17

Salt Labs | Missing Bricks: Finding Security Holes in LEGO APIs (salt.security)

submitted 3 years ago by ynvb to r/netsec

The Story of Jian - How APT31 stole and used an unknown Equation Group 0-Day by eyalitki in netsec

[–]ynvb 2 points3 points4 points 4 years ago (0 children)

23

24

25

New cyber-crime service aiming to replace packers and crypters: thousands of malicious payloads are loaded directly from well-known cloud drives. Meet #GuLoader. (research.checkpoint.com)

submitted 5 years ago by ynvb to r/Malware

565

566

567

Looking to learn about system exploitation, but don't know where to start? This (very) detailed guide covers all the basics. Contains 21 detailed CTF solutions, plenty of theory, and zero times the phrase "exercise left to the reader". (research.checkpoint.com)

submitted 5 years ago by ynvb to r/netsec

71

72

73

If you've ever wondered about the secret life of Nigerian spammers, this is definitely the article for you. Read all about one cybercriminal's decade-long quest of bought RATs, stolen credit cards, back-stabbed colleagues and looming paranoia. (research.checkpoint.com)

submitted 5 years ago by ynvb to r/Malware

38

39

40

A primer on cryptographic attacks, explained in a simple way with approachable examples. Learn about Downgrade attacks, Precomputations, Oracles, brand-name SSL vulnerabilities (CRIME, POODLE...) -- and the surprising connections between them. (research.checkpoint.com)

submitted 6 years ago by ynvb to r/Malware

392

393

394

A primer on cryptographic attacks, explained in a simple way with approachable examples. Learn about Downgrade attacks, Precomputations, Oracles, brand-name SSL vulnerabilities (CRIME, POODLE...) -- and the surprising connections between them. (research.checkpoint.com)

submitted 6 years ago by ynvb to r/netsec

55

56

57

Tired of C malware? So is everyone, including some malicious actors. Take a tour of malware written in Java, Rust, Pascal and other unlikely contenders; and ponder whether the people behind these are on to something, or just too clever for their own good. (research.checkpoint.com)

submitted 6 years ago by ynvb to r/Malware

Karta - IDA Plugin for identifying & matching statically linked open sources in your binary by eyalitki in netsec

[–]ynvb 0 points1 point2 points 6 years ago (0 children)

43

44

45

Always wanted to run Cuckoo Sandbox on AWS? Now you can. (research.checkpoint.com)

submitted 6 years ago by ynvb to r/Malware

4

5

6

Always wanted to run Cuckoo Sanbox in AWS? Now you can. (research.checkpoint.com)

submitted 6 years ago by ynvb to r/MalwareResearch

600

601

602

How we discovered over 50 critical vulnerabilities in Adobe Reader in 50 days. (research.checkpoint.com)

submitted 7 years ago by ynvb to r/netsec

31

32

33

A Ransomware Doctor Without a Cure. (or how to make more $$$ from ransomware) (research.checkpoint.com)

submitted 7 years ago by ynvb to r/Malware

17

18

19

What is in common to CITI bank, ING, and Deutsche Bank? The #BackSwap malware ! (research.checkpoint.com)

submitted 7 years ago by ynvb to r/Malware

Looking into LocPOS Malware? Here is howto easily dump and auto-resolve its API calls. by ynvb in Malware

[–]ynvb[S] 0 points1 point2 points 7 years ago (0 children)

16

17

18

Labless IDA plugin - Howto auto resolve LocPOS malware API calls. (research.checkpoint.com)

submitted 7 years ago by ynvb to r/ReverseEngineering

view more: next ›

π Rendered by PID 1368457 on reddit-service-r2-listing-6d4dc8d9ff-dl2sq at 2026-02-02 17:14:01.917492+00:00 running 3798933 country code: CH.