A journey in a Symfony website with JMose CommandScheduler enabled lead to some interesting results.

A journey in rConfig 3.9.4 lead to preauth sql injection, auth bypass, and remote code execution

Blog post for my talk about secure code review at End Summer Camp 2K20

Here is my take on eLearnSecurity eXploit Development Student course and relative certification process