All Posts

Swiss Tax Adventures 2: The N-Day and the Rabbit Hole

Tales from installing 16 Swiss tax applications

#cve #java #web #electron #reverse engineering #swiss

Swiss Tax Adventures 1: The Forbidden Jar of XXE

Discovering a mass XXE in Swiss tax applications (CVE-2024-8602)

#cve #java #web #swiss

Running mitmproxy on a Raspberry Pi

A guide on how to set up mitmproxy on a Raspberry Pi for LAN and Wi-Fi MitM

#web #network #reverse engineering #raspberrypi

Persistence with VSCode plugin backdoors

How to achieve persistence by backdooring installed VSCode plugins

#offensive

Instrumentalizing Electron: Proxy Injection

How to force Electron applications into using your HTTP proxy

#electron #web #reverse engineering

Hackvent 2023 Writeup

Writeups for some Hackvent 2023 challenges

#ctf

Exfiltrating Data Like It's 1995

Bypassing USB policies using WebSerial and microcontrollers

#hardware #usb #web #dlp

Hacky Easter 2023: Bash Crash Writeup

A writeup for the Hacky Easter 2023 challenge Bash Crash

#ctf

D-Link DNR-322L: Authenticated RCE

How I gained RCE on a DVR by uploading a malicious backup (CVE-2022-40799)

#cve #hardware

UART, uBoot, u root

Getting a root shell on the D-Link DCS-5222 by manipulating uBoot parameters via UART

#hardware

Pivoting with Chisel

How to use chisel to pivot between machines and networks

#oscp #certification #network

Active Directory Cheatsheet

My AD cheatsheet which helped me through my OSCP exam

#windows #activedirectory #cheatsheet

My OSCP Journey

My OSCP journey alongside tips, tricks and how to fail with 70p

#oscp #certification

Abusing User Habits with Evil Bookmarks

Replacing bookmarks post-exploit for fun and profit

#phishing #web

A Poor Attempt at Hacking my Toothbrush

Investigating possible planned obsolescence in my toothbrush

#hardware #nfc #reverse engineering

Post-Exploit Phishing with PowerShell

Using PowerShell to make post-exploit phishing forms

#windows #phishing #powershell