Jonathan Leitschuh
You may want to be careful with your choice of `wkhtmltopdf`. https://wkhtmltopdf.org/status.html
Jul 8

Jonathan Leitschuh in InfoSec Write-ups
Update: Want to take over the Java ecosystem? All you need is a MITM!
January 13th-15th, 2020 will break over 21% of the industry’s Java build infrastructure. Six months since my initial article disclosing…
Jan 8, 2020

Jonathan Leitschuh
Need MDNS? Just Install iTunes
Over 6 years ago I was working on a small project called WPILib. WPILib is a library used by High School FIRST Robotics teams to program…
Oct 9, 2019

Jonathan Leitschuh in InfoSec Write-ups
Zoom Zero Day: 4 Million Webcams & maybe an RCE? Just get them to visit your website!
Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…
Jul 8, 2019

Jonathan Leitschuh in InfoSec Write-ups
Want to take over the Java ecosystem? All you need is a MITM!
Hundreds of incredibly popular and widely deployed Java libraries & JVM compilers are still downloading their dependencies over HTTP with…
Jun 10, 2019

Jonathan Leitschuh
Let’s write a (theoretical) Java Library Worm
This Article is an addendum to Want to take over the Java ecosystem? All you need is a MITM!
Jun 10, 2019

Jonathan Leitschuh in InfoSec Write-ups
Gradle Plugin Portal: Clickjacking & Cross-Site Request Forgery enabling Account Takeover
Two security vulnerabilities in the Gradle Plugin Portal would have allowed any website to change the username, email & password of any…
Jan 9, 2019

Jonathan Leitschuh in InfoSec Write-ups
Leveraging Gradle Plugin wildcard versions for remote code execution
Exploit allowed any Gradle Plugin on the Gradle Plugin Portal to have its artifact coordinates hijacked by a malicious actor.
Oct 22, 2018