All Posts
Swiss Tax Adventures 2: The N-Day and the Rabbit Hole
Tales from installing 16 Swiss tax applications
Swiss Tax Adventures 1: The Forbidden Jar of XXE
Discovering a mass XXE in Swiss tax applications (CVE-2024-8602)
Running mitmproxy on a Raspberry Pi
A guide on how to set up mitmproxy on a Raspberry Pi for LAN and Wi-Fi MitM
Persistence with VSCode plugin backdoors
How to achieve persistence by backdooring installed VSCode plugins
Instrumentalizing Electron: Proxy Injection
How to force Electron applications into using your HTTP proxy
Hackvent 2023 Writeup
Writeups for some Hackvent 2023 challenges
Exfiltrating Data Like It's 1995
Bypassing USB poilicies using WebSerial and microcontrollers
Hacky Easter 2023: Bash Crash Writeup
A writeup for the Hacky Easter 2023 challenge Bash Crash
D-Link DNR-322L: Authenticated RCE
How I gained RCE on a DVR by uploading a malicious backup (CVE-2022-40799)
UART, uBoot, u root
Getting a root shell on the D-Link DCS-5222 by manipulating uBoot parameters via UART
Pivoting with Chisel
How to use chisel to pivot between machines and networks
Active Directory Cheatsheet
My AD cheatsheet which helped my through my OSCP exam
My OSCP Journey
My OSCP journey alongside tips, tricks and how to fail with 70p
Abusing User Habits with Evil Bookmarks
Replacing bookmarks post-exploit for fun and profit
A Poor Attempt at Hacking my Toothbrush
Investigating possible planned obsolescence in my toothbrush
Post-Exploit Phishing with PowerShell
Using PowerShell to make post-exploit phishing forms