Summary An information disclosure vulnerability was identified in the backend of Aptsys’ gemsloyalty platform, which powers POS and management systems for multiple F&B clients. The issue allow...

Summary An unauthenticated information disclosure vulnerability was identified in Aptsys’ gemscms backend platform. A publicly reachable API used in production deployments returns staff/cashier ac...

Summary A SQL Injection vulnerability was identified in Aptsys’ gemscms backend platform, a shared backend used by multiple F&B businesses for POS and restaurant management. A vulnerable backe...

Summary A security misconfiguration vulnerability was identified in Aptsys’ POS Platform Web Services module, part of the gemscms backend platform used by multiple F&B businesses. Developer-or...

Summary An information disclosure vulnerability was identified in the backend of Aptsys’ gemscms platform, which powers POS and management systems for multiple F&B clients. The issue allows un...

TL;DR CTF challenges like those in Flare-On provide excellent opportunities to refine reverse engineering techniques on obfuscated binaries. Challenge 8 from Flare-On 2025, “FlareAuthenticator” inv...

A detailed walkthrough of how to statically reverse-engineer the DroidPass Flutter-based password vault challenge from 8ksec, uncovering its AES key derivation, IV generation, and encryption flaws.

Introduction Reverse engineering an iOS application can feel like solving a puzzle, especially when it’s built with a cross-platform framework like Flutter. In this post, I’ll guide you through th...

Summary A debugging error disclosure vulnerability exists on Ednovation’s https://dashboard.ednoland.com/ subdomain. By requesting a non-existent path, the application returns a full Laravel excep...

Apple’s iOS ecosystem is renowned for its sleek user interface and curated app experience, prominently displaying stock apps like Safari, Photos, and Calendar on the Home screen. However, beneath t...