RiSec Cybersecurity Research

Exploring the Digital Frontier, One Vulnerability at a Time.

Dedicated to advancing digital security through cutting-edge research, responsible disclosure, and community education.

About Me


Hello, I'm Steven Black (@n0tst3), a security analyst, researcher, and penetration tester with a passion for uncovering vulnerabilities and making the digital world safer. My work focuses on web application security and responsible disclosure.

I've had the privilege of collaborating with teams on open-source projects and contributing to the security community. My expertise includes bug hunting, network protocol analysis, and reverse engineering. I'm always eager to explore new challenges and contribute to a more resilient technology landscape.

This platform serves as a hub for some of my advisories, research, and technical blog posts. I hope it becomes a valuable resource for fellow security professionals, developers, and anyone interested in the art and science of cybersecurity =].

Advisories & Disclosures

CVE-2023-36339 · 2023

IDOR in WebBoss.io CMS

An access control issue in WebBoss.io CMS before v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request...

CVE-2023-39097 · 2023

Persistent (Stored) XSS in WebBoss.io CMS

Identified a persistent stored XSS vulnerability in a widely used Content Management System...

CVE-2023-37742 · 2023

Cross-Site Scripting (XSS) in WebBoss.io CMS

WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected XSS via the "q" parameter in the "search.html" page and the "cmd" parameter in the "index.php"/"index.html"...


Write-ups / Posts

May 1, 2024

Automating Bug Hunting with Fuzzing

A technical guide on how to set up and use fuzzing tools to find vulnerabilities in software and web applications.

April 20, 2024

A Deep Dive into WebAssembly Security

An in-depth look at the security model of WebAssembly and potential attack vectors for browser-based applications.

April 5, 2024

Securing the Software Supply Chain

A practical guide for developers and security teams on how to mitigate risks in the software supply chain.


Get in Touch

Whether you have a question about my research, a potential collaboration, or a security vulnerability to report, feel free to reach out.