During this week I had a pleasure to learn more about a 'popular' log4j vulnerability. I decided to take a quick note for few cases I found in the IPS logs. Here we go...
Few days ago I had a pleasure to present some of my ‘notes and ideas’ during TheHackSummit Conference. After (a “stage-fright” ate me alive and “imho - I failed”;)) the (“too fast!111”;)) presentation I decided to calm a bit and slow down with some binary exploitation topics. And that’s how I landed in the binary world of IoT and router devices… ;) Here we go…
Few days ago (when I was working on new version of 'enlil' scanner) I started my mini-internal-pentest related to VM (v5.8.6 afaik) with preinstalled NagiosXI. Below you'll find new notes about it. Here we go...
In the meantime of last 3 weeks (beside looking for new projects;) of course) I was reading and learning about Android security. Below you'll find few notes about it. Here we go...
This time I decided to prepare a small Lab for testing mobile applications. Because of the 'future work' I decided to stick with Android based environment. Below you'll find few notes about it. Here we go...
From time to time I'm checking Bazaar website to download some samples and try to analyse them in my 'local Lab'. This time I decided to download a file tagged as 'dropper'. Below you'll find the details. Here we go...
In previous post about kernel I tried to start with some basic kernel modules. Below we'll continue - this time with so called 'devices'. Here we go...
Few days ago someone asked me about CORS-related vulnerabilities. I decided it will be a good idea to try to create a small tool. Below you'll find the whole story. Here we go...
Few weeks ago I was invited by one Team to participate as a "guest" during some international CTF competition. Spoiler alert: as I failed strongly during kernel pwn challenges;) (read as: 'mostly all that I tried' ;)) I decided to 'go back' and learn more (to 'try harder' "next time" ;))... Below you'll find few notes from the journey. Here we go...
According to the previous part today we'll try to understand another 'crackme'. Here we go...
Hi ;) According to our last 'quick intro' with an example of hello_world code in ASM on Linux this time we'll try to create something else. Here we go...
Some time ago I decided to get back to the ASM on Intel and refresh some of the basics. Below you'll find few notes about it. Here we go...
Hi. This time we'll talk about one RCE bug I found during a research for a pentest done 3 weeks ago. Webapp we'll try this time is called Ilias (tested: v5.0.3). Here we go...
Hi :) This time I decided to publish few details from one of the fuzzing sessions I ran for a while about 2 weeks ago. Below you'll find 3 bugs I found for Aspire 9.5 software. Here we go...
Hi ;) This time I tried to fuzz QA-CAD (2019 A.04). Below you will find more details about it. Here we go...
Hi ;) This time I decided to present a short draft for the small and simple 'file format fuzzer' I created some time ago. Here we go...
Hi ;) During one of the CTFs I decided to check a domain enumeration tool called massdns. Below you'll find few details and my notes about it. Here we go...
Hi :) last time we talked about wooper.py and enlil.py projects I started some time ago. Since last few weeks I was wondering "what if" we'll combine results from both "proof-of-concepts". Below you'll find few notes about it. Here we go...
Hi :) This time I decided to check one of my old codes (called enlil). Few details you'll find below. Here we go...
Hi ;) Today we'll continue last post about "wooper.py updates". Below you'll find quick results for first scan of Wordpress plugin called WPide(2.5). Here we go...
Hi :) I decided to rewrite wooper.py script presented some time ago in the blog. Below you'll find few initial details and a friendly skeleton ;). Here we go...
Since last few days I was reading a little bit more about kernel exploitation. One of the resources I found[1,2,3] was "good enough" (for me ;)) to follow it and recreate the steps on my own VM machine. Vulnerable challenge - described here by Midas - was a one presented on hxpCTF 2020 - 'kernel-rop'. Below you'll find a "quick autopsy" (but I like to think about it like a note for the 'future me' ;)). Here we go...
Hi ;) since last week I tried to prepare another article for the upcoming 'Notes Magazine' (#07) - this time related to the fuzzing. My goal was to prepare a sample fuzzer and grab few new bugs. Below you'll find few of the "very first results". Here we go...
Hi ;) From time to time you're asking me about 'pentesting SCADA'. During this weekend I decided to check the topic and mix it a bit with my 'FuzzLabs'. Below you'll find few details about it. Here we go...
Hi :) last time we talked about Enlil project I decided to rewrite. Today we'll go deeper and modify our current script to extend the "automation of pentest". ;) Here we go...
Hi. Some time ago I created a small script called 'enlil'. Few days ago I decided to check it again and rewrite few things. Below you will find a draft of the current status. ;) Here we go...
Hi, today I prepared a short video for creating custom scans with Burp Proxy. Here we go...
Hi ;) This time I decided to continue Notes Magazine so paper with number #06 is waiting for you below. This time we'll talk about...
Hi :) Continuing the Notes Magazine below I prepared a new part for you - #05. Here we go...
Few days ago I started learning how to record a video... and that's how I found few bugs in ActivePresenter software. Below you'll find few details. Here we go...
Hello :) Continuing the Notes Magazine in the New Year below I prepared a new part for you - #04. Here we go...