WatchGuard 12.11 (Firebox) PostAuth CLI memory corruption bug

In one of the latest pentests projects I had a pleasure to play a bit with latest WatchGuard. Below you'll find some details about it. Here we go...

Palo Alto PostAuth CLI memory corruption bug

Hi, it's been a while. Long story short: below you'll find few details about the postauth bug I found in Palo Alto CLI. Here we go...

Python GUI from AI

After a while I decided to look back again at the Python's GUI in Tkinter. Below you'll find few notes about it. Here we go...

The Hack Summit 2024 - Online presentation

This year (again) I had a pleasure to present few of the topics from my research during The Hack Summit Conference in Poland[1, 2, 3]. Last time we (mostly;)) talked about one preauth RCE bug I found in ConQuest DICOM server (1.5.0d). This year we talked about one of the way to automate bug hunting using Ghidra. Below you'll find more details about it. Here we go...

Hack The Box - Instant

Few days ago I had a pleasure to check one of the Hack The Box 'Season 6' machine called Instant. Few details about it you will find below. Here we go...

Waiting for The Hack Summit 2024

During last years I had a pleasure to present few of my notes and ideas during The Hack Summit conference in Poland. This year I'll try to present few words about a new topic - more related to Ghidra. So just as a quick summary for previous years - below you'll find a 'current timeline'. ;) Here we go... 

Join Mnemonic - UD2

Below you'll find few notes about one simple RE challenge I found on Hack The Box. Here we go...

Automating Network Pentests with Metasploit and Ruby

This time we'll continue the journey started in previous post to create a small 'semi-automated' tool to perform some 'basic' network pentests. For this case we'll focus (mostly;)) on CVE-2021-20039 for SonicWall SMA. Here we go...

Reading Nmap Log In Ruby

From time to time during pentests we're using nmap to scan the target host(s). Today we'll try to read nmap's log using Ruby. Below you'll find few details about it. Here we go...

Few notes from CTF@CIT

During this weekend I had a moment to read what's new at CTFTime and that's how I found CTF@CIT prepared by HACK@CIT. Below you'll find few notes about it. Here we go...