Advisories

AWAE – Brief Course Review for OSWE

21/05/2025

Advanced Web Attacks and Exploitation (AWAE) course is a course offers by Offensive Security which aims toward an understanding of web applications penetration…

Advisory

CRTA สำหรับมือใหม่ – รีวิวสอบ Red Team Cert ในราคาไม่ถึงสิบเหรียญ

12/05/2025

บทความนี้เป็นการถ่ายทอดประสบการณ์สอบ Certified Red Team Analyst (CRTA) จากค่าย CyberWarFare Labs (CWL) โดยผู้เขียนได้ซื้อคอร์สตั้งแต่ปีที่แล้ว และมีโอกาสเข้าสอบเมื่อช่วงปลายเดือนเมษายนที่ผ่านมา หากผู้อ่านท่านใดสนใจรายละเอียดของคอร์ส สามารถเข้าไปดูได้ที่ https://cyberwarfare.live/product/red-team-analyst-crta

In this post, we’ll explore how an attacker can still bypass IMDSv2 protections using the Gopher protocol — an often-overlooked SSRF vector that enables sending raw TCP requests. By chaining this technique with SSRF, we demonstrate how to extract AWS temporary credentials and escalate privileges inside the cloud environment.

Advisory

MIDA2025-0005: Circumvent IMDSv2 using Gopher Protocol

25/04/2025

TitleCircumvent IMDSv2 using Gopher ProtocolMcAiden Vulnerability No.MIDA2025-0005ProductAWSPublish2025-04-25ByMcAiden Research Lab Introduction In the ever-evolving landscape of cloud security, Amazon Web Services (AWS) has introduced…

Advisory

MIDA2025-0003: Establishing Key for End-to-End Encryption

22/04/2025

Key exchange is a fundamental step in establishing end-to-end encrypted (E2EE) communication. A secure key exchange ensures that only intended parties can derive…

Advisory

MIDA2025-0002: Certificate Pinning Is Not Outdated if You Do It Right

03/02/2025

TitleCertificate Pinning Is Not Outdated if You Do It RightMcAiden Vulnerability No.MIDA2025-0002ProductAndroidFound2025-02-03ByNutthanon Thongcharoen (McAiden Consulting Co., Ltd.) Pumipat Korncharornpisuit (McAiden Consulting Co., Ltd.)…

Advisory

MIDA2025-0001: Third-Party Keyboard Detection on Android

23/01/2025

TitleThird-Party Keyboard Detection on AndroidMcAiden Vulnerability No.MIDA2025-0001ProductAndroidFound2025-01-20ByNutthanon Thongcharoen (McAiden Consulting Co., Ltd.) Pumipat Korncharornpisuit (McAiden Consulting Co., Ltd.) McAiden Research Lab Vulnerability Overview/Description…

Our Advisories

Our Advisories

Latest Blog & Advisories

Make Appointment

Contact us, we want to help you

Services

Contact