so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

2022 Microsoft Teams RCE

The deeplink handler for /l/task/:appId in Microsoft Teams can load an arbitrary URL in webview/iframe. An attacker can leverage this with teams RPC’s functionality to get code execution outside the sandbox. 2022 Microsoft Teams RCE

Nickname: sizeof(cat)
Job: Consultant, Hacker
PGP key: F273 5495

For a bird born in captivity, flight is a mental illness.