During last years I had a pleasure to present few of my notes and ideas during The Hack Summit conference in Poland. This year I'll try to present few words about a new topic - more related to Ghidra. So just as a quick summary for previous years - below you'll find a 'current timeline'. ;) Here we go...
code16
środa, 9 października 2024
środa, 11 września 2024
Join Mnemonic - UD2
Below you'll find few notes about one simple RE challenge I found on Hack The Box. Here we go...
wtorek, 30 lipca 2024
Automating Network Pentests with Metasploit and Ruby
This time we'll continue the journey started in previous post to create a small 'semi-automated' tool to perform some 'basic' network pentests. For this case we'll focus (mostly;)) on CVE-2021-20039 for SonicWall SMA. Here we go...
środa, 24 lipca 2024
Reading Nmap Log In Ruby
From time to time during pentests we're using nmap to scan the target host(s). Today we'll try to read nmap's log using Ruby. Below you'll find few details about it. Here we go...
niedziela, 21 kwietnia 2024
Few notes from CTF@CIT
wtorek, 16 kwietnia 2024
Postauth SQLi in Centreon 23.10-1.el8
Similar to previous notes about hunting bugs in Centreon few weeks ago I prepared a new lab to test 'current/latest' version of this webapp. Below you'll find the details. Here we go...
poniedziałek, 8 stycznia 2024
Postauth SQLi in AdvantechWeb/SCADA 9.1.5U
During some internal pentests performed few weeks ago I found an SQL injection (postauth) bug in "latest" AdvantechWeb/SCADA (9.1.5U). Below you'll find more details about it. Here we go...
sobota, 6 stycznia 2024
Healthy PostAuth RCE in FortiADC 7.4.0
środa, 6 grudnia 2023
The Hack Summit 2023 - Online presentation
poniedziałek, 4 grudnia 2023
Monitoring SUFF - Part 2
During one night I decided to continue my tests with suff.py script described before. This time I decided to run it with FortiWeb VM (v7.4.0 build577) so below you'll find few notes about it. Here we go...