Write-up for the HackTheBox web challenge called ExpressionalRebel. Expressional Rebel was a very entertaining medium web challenge. The solution involved exploiting a URL confusion vulnerability along with a regex injection, something I believe most have not tinkered with (at least it wasn’t the case for me!). The vulnerable application was written in NodeJS. In this case we are provided the source code, which was crucial for this kind of challenge or it would’ve been pretty insane to solve!| Tobia Righi - Security Researcher
This blog post contains the process and solution which got me 2nd place in the ML Security Evasion Competition sponsored by Adversa AI, CUJO AI, and Robust Intelligence. The Phishing Challenge: The challenge I focused on in this competition was their phishing detection evasion challenge. The goal of the challenge was to evade 8 machine learning models designed to detect phishing pages while keeping the look of the pages pixel-perfect.| Tobia Righi
Here is the presentation I gave at Sec-T 2024 about Account Takeovers in Swedish BankID and other Cross-Device Authentication protocols.| My Security Research on Tobia Righi - Security Researcher
A common misconfiguration found in services integrating BankID allows attackers to take over victims' accounts by exploiting a Session Fixation bug.| My Security Research on Tobia Righi - Security Researcher
Phishing PassKeys credentials using browser intents| Tobia Righi