Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Pac4j-jwt Critical Authentication Bypass- 1911

CodeAnt AI, posted 12 days ago
  • CodeAnt AI is an AI-assisted code review platform. They were scanning open-source repositories for CVE patches and checking whether each patch actually fixed the claimed vulnerability. Since patches are sometimes wrong, this is a good way to find bugs.
  • While reviewing the code, the AI tool flagged a null check on signedJWT directly before the signature verification block: if signedJWT is not null, verify the signature; otherwise, do nothing. In the case of an exception in Java, the code exited. So, what does toSignedJWT() normally return?
  • toSignedJWT() tries to parse the decrypted payload as a signed JWT. If the token is a PlainJWT (an unsigned token), it returns null. Presenting this token type therefore bypasses JWT signature verification entirely.
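The pattern in the two bullets above, reduced to a self-contained illustration (added here; this is not pac4j's code and it does not reproduce the library's API). The parser contract assumed is the one the post describes: a signed token comes back as an object, an unsigned (plain) token comes back as None rather than an error. `verify_vulnerable` shows what a "verify only if not null" guard does with that contract; `verify_fixed` treats the null as a rejection. Key, claims and token values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value for the example only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_signed_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256-signed compact JWT (header.payload.signature)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def make_plain_jwt(claims: dict) -> str:
    """A plain (unsigned) JWT: alg 'none' and an empty signature segment."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def parse_jwt(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    return header, claims, parts[2]


def to_signed_jwt(token: str):
    """Assumed contract (mirrors the post's description of toSignedJWT):
    return a signed-token tuple, or None when the token is a plain JWT."""
    header, claims, sig = parse_jwt(token)
    if header.get("alg", "none") == "none" or sig == "":
        return None
    signing_input = token.rsplit(".", 1)[0].encode()
    return header, claims, signing_input, b64url_decode(sig)


def signature_valid(signed, key: bytes) -> bool:
    header, _, signing_input, sig = signed
    if header.get("alg") != "HS256":
        return False  # only the algorithm we issue is accepted
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def verify_vulnerable(token: str, key: bytes) -> dict:
    """The flagged shape: verification only runs when the parse result is
    non-null, so a plain JWT falls straight through to the claims."""
    signed = to_signed_jwt(token)
    if signed is not None:
        if not signature_valid(signed, key):
            raise ValueError("bad signature")
    return parse_jwt(token)[1]


def verify_fixed(token: str, key: bytes) -> dict:
    """Hardened shape: an unsigned token is a rejection, not a skip."""
    signed = to_signed_jwt(token)
    if signed is None:
        raise ValueError("unsigned token rejected")
    if not signature_valid(signed, key):
        raise ValueError("bad signature")
    return signed[1]


def accepts(verifier, token: str, key: bytes) -> bool:
    """True if the verifier returns claims, False if it raises."""
    try:
        verifier(token, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = make_signed_jwt({"sub": "alice"}, SECRET)
    plain = make_plain_jwt({"sub": "admin"})
    print("vulnerable accepts plain JWT:", accepts(verify_vulnerable, plain, SECRET))
    print("fixed accepts plain JWT:     ", accepts(verify_fixed, plain, SECRET))
    print("both accept signed JWT:      ", accepts(verify_vulnerable, good, SECRET)
          and accepts(verify_fixed, good, SECRET))
```

The lesson for review is the same one the post draws: a parser that signals "not a signed token" with a null return needs a caller that treats null as a failure, and a null guard placed around the verification step inverts that into an accept-by-default.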
  • They found another issue in simple git using a similar type of analysis. That bug was a case-sensitivity issue in a regex that allowed a bypass of two previous patches.
  • The bug is interesting, but the blog post was somewhat misleading and poorly written from a technical standpoint. Although it's a good bug, the write-up felt more like marketing and introductory-level analysis; "look at us" and "look at the impact" were the vibes of the post.