An IMHO on why blindly trusting UUIDs is bad

LPE in the Cordaware bestinformed Infoclient (CVE-2025-0425)

Tales from installing 16 Swiss tax applications

Looking at Atlassian plugins from the attacker perspective

Discovering a mass XXE in Swiss tax applications (CVE-2024-8602)

A guide on how to set up mitmproxy on a Raspberry Pi for LAN and Wi-Fi MitM

How to achieve persistence by backdooring installed VSCode plugins

How to force Electron applications into using your HTTP proxy

Writeups for some Hackvent 2023 challenges

Bypassing USB poilicies using WebSerial and microcontrollers

Exfiltrating data in various ways

A writeup for the Hacky Easter 2023 challenge Bash Crash

How I gained RCE on a DVR by uploading a malicious backup (CVE-2022-40799)

Getting a root shell on the D-Link DCS-5222 by manipulating uBoot parameters via UART

How to use chisel to pivot between machines and networks

My AD cheatsheet which helped my through my OSCP exam

My OSCP journey alongside tips, tricks and how to fail with 70p

Replacing bookmarks post-exploit for fun and profit

Investigating possible planned obsolescence in my toothbrush

Using PowerShell to make post-exploit phishing forms