As someone who began in embedded engineering and transitioned into cybersecurity, I’ve always been interested in that gray space where hardware meets software. When I came across the Certified Hardware Hacker (CH2) certification from We Hack In Disguise (WHID), it felt like a solid way to expand my skills into hardware hacking. The course promised a deep dive into embedded and IoT device security with hands-on labs, real-world tooling, and a technical curriculum. Now that I’ve completed the training and passed the certification, here’s my review for those considering it.

A Look Inside the Training

The CH2 training is built around a self-paced, lab-heavy approach. It blends theory and practice with structured content, walkthroughs, and exercises that you can follow at your own speed. From the start, it was clear this wasn’t just another set of slides and multiple-choice questions. The labs drive the learning process, and that’s where most of the value lies.

Topics covered include: Dump...

CVE-2024-27524: Stored XSS in tickets
Severity: High (Base Score 7.1)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Mitigation: Upgrade to Chamilo LMS 1.11.28 and above.
Patch: https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a

CVE-2024-27525: Self XSS in social network
Severity: Medium (Base Score 4.6)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Mitigation: Upgrade to Chamilo LMS 1.11.28 and above.
Patch: https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c

Overview

This advisory covers the discovery of two vulnerabilities within Chamilo LMS, an open-source learning management system (LMS) widely used across educational institutions. These vulnerabilities—stored cross-site scripting (Stored XSS) and self-cross-site scripting (Self XSS)—pose different levels of security risks but highlight critical consideration...