RiSec Cybersecurity Research

Exploring the Digital Frontier, One Vulnerability at a Time.

Dedicated to advancing digital security through cutting-edge research, responsible disclosure, and community education.

About Me


Hello, I'm Steven Black (@n0tst3), a security analyst, researcher, and penetration tester with a passion for uncovering vulnerabilities and making the digital world safer. My work focuses on web application security and responsible disclosure.

I've had the privilege of collaborating with teams on open-source projects and contributing to the security community. My expertise includes bug hunting, network protocol analysis, and reverse engineering. I'm always eager to explore new challenges and contribute to a more resilient technology landscape.

This platform serves as a hub for some of my advisories, research, and technical blog posts. I hope it becomes a valuable resource for fellow security professionals, developers, and anyone interested in the art and science of cybersecurity =].

Advisories & Disclosures

CVE-2023-36339 · September 12, 2023

IDOR in WebBoss.io CMS CVE-2023-36339

An access control issue in WebBoss.io CMS before v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request, commence a backup request, and download the backup.

CVE-2024-5678 · March 20, 2024

Authentication Bypass in ABC CMS

Identified a flaw in the password reset function of ABC CMS, allowing unauthenticated users to gain access.

CVE-2024-9012 · February 10, 2024

Cross-Site Scripting (XSS) in IoT Device

Found a stored XSS vulnerability in the web interface of a popular smart home hub.


Latest Posts

May 1, 2024

Automating Bug Hunting with Fuzzing

A technical guide on how to set up and use fuzzing tools to find vulnerabilities in software and web applications.

April 20, 2024

A Deep Dive into WebAssembly Security

An in-depth look at the security model of WebAssembly and potential attack vectors for browser-based applications.

April 5, 2024

Securing the Software Supply Chain

A practical guide for developers and security teams on how to mitigate risks in the software supply chain.


Get in Touch

Whether you have a question about my research, a potential collaboration, or a security vulnerability to report, feel free to reach out.