February 17, 2025

Farewell X/Twitter, Hello Bluesky

Since 2009, Recurity Labs has been active on X - formerly known as Twitter - under the account @0x41414141. Twitter/X was an important platform to keep up with the latest...

February 27, 2023

Discover - The good hackers

A while back, Felix and Nico sat down to talk to MAN Energy Solutions’ online customer magazine, Discover. Since 2018, Recurity Labs has been working with MAN Energy Solutions...

August 09, 2022

Uwazi.io Security Assessment

In 2021, Recurity Labs was contacted by Friedhelm Weinberg of the Geneva-based NGO HURIDOCS, an organization helping human rights groups to gather, organise and use information to create positive...

March 02, 2022

webOS Revisited - Even More Mistaken Identities

For an overview and introduction to webOS and this research, please see my previous post. The TL;DR On November 11, 2021, I sent an additional report to the...

November 18, 2021

Safari HSTS Circumvention

Earlier this year, I happened to play around with injecting funny data into unprotected HTTP communications of my test MacBook, when Safari turned out to exhibit a surprising behaviour in...