Keeping your workflows secure. https://securitylab.servicenow.com/ Thu, 04 Dec 2025 07:09:20 -0800 Thu, 04 Dec 2025 07:09:20 -0800 Jekyll v3.10.0 Recently had the pleasure of attending DEFCON31 at Caesars Forum in Las Vegas. A few of us on the Red Team decided to... Tue, 05 Sep 2023 00:00:00 -0700 https://securitylab.servicenow.com/research/2023-09-05-defcon31-hackthebox-ctf/ https://securitylab.servicenow.com/research/2023-09-05-defcon31-hackthebox-ctf/ research Push verifications with an extra number challenge step have become a popular multi-factor authentication strategy. But does this extra step actually offer any added protection against hackers? Wed, 06 Sep 2023 00:00:00 -0700 https://securitylab.servicenow.com/research/2023-09-06-defeating-mfa-number-challenges/ https://securitylab.servicenow.com/research/2023-09-06-defeating-mfa-number-challenges/ research We will analyze and build a POC for CVE-2023-21967, a vulnerability in OpenJDK. Fri, 06 Oct 2023 00:00:00 -0700 https://securitylab.servicenow.com/research/2023-10-06-openjdk-vuln-reproduction-CVE-2023-21967/ https://securitylab.servicenow.com/research/2023-10-06-openjdk-vuln-reproduction-CVE-2023-21967/ research We will review some lessons learned and tips for effectively fuzzing your applications with Jazzer. Mon, 28 Oct 2024 00:00:00 -0700 https://securitylab.servicenow.com/research/2024-10-28-jazzer-practical-tips/ https://securitylab.servicenow.com/research/2024-10-28-jazzer-practical-tips/ research This blog post demonstrates Rhino Tracker, a solution for analyzing Rhino polyglot code. Mon, 04 Nov 2024 00:00:00 -0800 https://securitylab.servicenow.com/research/2024-11-04-a-rhino-of-a-problem/ https://securitylab.servicenow.com/research/2024-11-04-a-rhino-of-a-problem/ research This blog post compares the static analysis library SootUp to its predecessor Soot to determine areas of improvement, areas that still need work, and how fit SootUp is to be used in actual tool development. Tue, 12 Nov 2024 00:00:00 -0800 https://securitylab.servicenow.com/research/2024-11-12-sootup-vs-soot/ https://securitylab.servicenow.com/research/2024-11-12-sootup-vs-soot/ research This post introduces SNulk, a solution that allows users to effortlessly submit large numbers of templated records to a table on a ServiceNow instance. Tue, 14 Jan 2025 00:00:00 -0800 https://securitylab.servicenow.com/research/2025-01-14-snulk/ https://securitylab.servicenow.com/research/2025-01-14-snulk/ research This is the first article in a series for binary data analysis. It is an introduction to entropy. Mon, 07 Apr 2025 00:00:00 -0700 https://securitylab.servicenow.com/research/2025-04-07-Binary-Data-Analysis-The-Role-of-Entropy/ https://securitylab.servicenow.com/research/2025-04-07-Binary-Data-Analysis-The-Role-of-Entropy/ research This is the first article in a series for binary data analysis. It provides an approach to using entropy as a cost function for binary segmentation. Wed, 04 Jun 2025 00:00:00 -0700 https://securitylab.servicenow.com/research/2025-06-04-Binary-Segmentation-Entropy-As-A-Cost-Function/ https://securitylab.servicenow.com/research/2025-06-04-Binary-Segmentation-Entropy-As-A-Cost-Function/ research