When performing Reverse Engineering or binary analysis, one of the most common questions is: "Can user-controlled data reach a potentially dangerous function?" Let's try...
Some time ago I wrote a post and a small script to run a brute force attack against FortiGate appliances. (Link to that post you can find here). This time I decided to check if a similar bug is present in the latest WatchGuard appliance (FireboxV, version 12.12). Below you'll find the details and PoC code to test it in your own lab. Here we go...
When you're doing Active Directory pentesting on a tight schedule, running SharpHound manually and then clicking through BloodHound's UI gets old fast. BHADGUI started as a simple wrapper and evolved into something more useful.
Reactor is an 'easy' Linux CTF machine from Season 11 on the Hack The Box platform. A few days ago I decided to check it. Below you'll find more details about it. Here we go...
Some time ago, I was searching online for information about vulnerabilities in popular networking devices. One of the links I came across concerned the CVE-2025-0116 vulnerability related to the handling of the LLDP (Link Layer Discovery Protocol) by Palo Alto devices. Intrigued by the description, I decided to check how it looks on my own device in a home lab environment. Below you'll find some details about it. Here we go...
A few days ago I posted some notes about the bug found in January in Palo Alto VM. Today you'll find some details about a working PoC for Metasploit created for this bug. Here we go...
In one of the latest pentest projects I had the pleasure of playing a bit with the latest WatchGuard. Below you'll find some details about it. Here we go...
Hi, it's been a while. Long story short: below you'll find a few details about the post-auth bug I found in Palo Alto CLI. Here we go...
This year (again) I had the pleasure of presenting a few of the topics from my research during The Hack Summit Conference in Poland[1, 2, 3]. Last time we (mostly;)) talked about one preauth RCE bug I found in ConQuest DICOM server (1.5.0d). This year we talked about one of the ways to automate bug hunting using Ghidra. Below you'll find more details about it. Here we go...