Thursday, 29 September 2022

Simple SQL fuzzing for Junior Pentesters

Some time ago I was asked to pentest a network and identify possibly vulnerable network services there. One of them was an SQL database. More details about it you'll find below. Here we go...

Sunday, 17 July 2022

Crashing GNOME shell again

Last time we talked about a crash in GNOME based on AnyDesk. This time I found a similar bug using LibreOffice for Ubuntu. Below you'll find more details. Here we go...

Friday, 3 June 2022

Night fuzzing session - IdaPro 6.6 - part 2

Last time during one of the "Night Fuzzing Sessions" I found a few bugs in IdaPro 6.6. I decided to continue this adventure but with a 'new approach'. So I changed my input files. ;) Below you will find the details about it. Here we go...

Thursday, 26 May 2022

Crashing GNOME shell

When I was waiting for the results of "Night Fuzzing Session" I tried to chill a bit searching for some other bugs. That's how I found one of them (CVE-2020-13160) described here and that's how in the end I landed in GNOME. ;) Details about it you will find below. Here we go...

Monday, 25 April 2022

Night fuzzing session - IdaPro 6.6

Following previous adventures, a few days ago I decided to continue the 'night fuzzing session' and this time I tried to run a quick check for Ida Pro (version 6.6). Below you'll find more details about it. Here we go...

Friday, 15 April 2022

See you when I see you

A few months ago, during a pentest project, I found that inside the "Client's Network" we had access to the IPCam network. A few more details about it you'll find below. Here we go...

Tuesday, 12 April 2022

Fuzzing FreeBSD 12.3

After the last adventures with JunOS bugs I decided to learn more about FreeBSD, the base (afaik) OS for the "Juniper vSRX" I tested in the lab [1, 2]. I decided to start a quick fuzzing of the binaries inside this OS. Below you'll find a few notes about it. Here we go...

Saturday, 9 April 2022

Escape from the Secret Garden

Last time when we talked about Juniper/JunOS we focused mostly [1, 2] on XSS bugs. Today we'll talk about post-auth CLI access and how to extend it ;). Here we go...

Wednesday, 6 April 2022

Pentesting Pentesters with MSF Jump Host

Let's think about the scenario for a pentest/red team project during which we are using 'our dedicated jump host'. "What if" someone takes over this host? This time we'll try to check the potential results of this kind of attack. Here we go...

Monday, 4 April 2022

Ansible - Quick Shot

I decided to create this small document to collect a few basic ideas about Ansible and how it can be used during 'day-to-day' scenarios for pentest and red team projects. If you're already familiar with Ansible, this document will more likely be a small 'cheat sheet' if you'd like to use Ansible to perform some actions during the projects. Anyhow... Enjoy and have fun! ;) Here we go...

Thursday, 24 March 2022

Another one SAST to bytes

During one of the last evenings I decided to read and learn more about static source code review. In the past I had the pleasure of creating (more or less) 'automated' tools to do it. This time I decided not to start "from the beginning" but instead to learn more about SAST and SonarQube scanning scenarios. Here we go...

Sunday, 20 February 2022

Space for XSS in Junos

"Space: the final frontier." Well... I'm not sure if it's even half (of the journey) with Junos, but let's find some "Space" to inject additional (JS/HTML) code. Get some "Space" and here we go...

Monday, 14 February 2022

Enter in 2022

It was an interesting beginning of the year. After a few talks with a few friends during last year, I spent the last few weeks creating a new small tool called EnterTerminal. More details about it you'll find below. Here we go...