  • SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620)

  • Smuggling an (Un)exploitable XSS

  • CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails

  • Bug Bounty Platforms vs. GDPR: A Case Study


  • HamburgSides 2016: Magic Superpowers!

    The year 2016 comes to an end quickly and so it was time for another Sides conference. This year’s HamburgSides, formerly known as BSidesHH, was held in the Bucerius Law School in Hamburg next to the 33C3. I’ve been supporting this event since the very first BSidesHH in 2014, so I had to attend this year…


  • 44CON London 2016: When Hackers Meet a Corgi!

    Have you ever been to 44CON in London? In case you haven’t, you need to go there in 2017! To be honest it was my first time attending, but it took just one 44CON for me to become excited and that not only because of the Corgi crew member – but also because of all the workshops, talks and people…


  • SLAE Course and Exam Review

    As you may have noticed, I have posted a couple of articles about my SecurityTube Linux Assembly Expert exam during the last months. Now that I have successfully completed the course, I just want to share my thoughts about it for those of you who think about taking the course but are unsure if it’s the right one. What is…


  • SLAE: Custom Crypter (Linux/x86)

    Do you want to fool antivirus software? When you look through hacking forums for a solution to this, you will likely encounter the term “crypter”. You will also find this tool in the arsenal of every advanced penetration tester and it is the obvious standard for an advanced persistent threat (APT). This blog post gives you…


  • SLAE: Polymorphic Shellcodes (Linux/x86)

    Question: How can signature-based Intrusion Detection systems be defeated? Answer: Using polymorphic shellcodes! This might sound really crazy and cyber, but it has nothing to do with inventing fancy new hacking techniques, it’s rather about puzzling. By replacing assembly instructions with other assembly instructions the original functionality is kept intact and signature-based systems are defeated. For example, the following…


  • Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass

    Better late than never. This article will give you some insights about my discovered generic Cross-Site Request Forgery Protection Bypass in Ubiquiti’s UniFi v3.2.10 and below, as published some time earlier this year on HackerOne. This vulnerability basically allows an attacker to compromise the UniFi installation including connected devices by e.g. changing passwords of users, adding new users, changing device…


  • BSidesHH: Ambiguity is Insecurity

    Hamburg – just about one year ago, the first BSides was organized by Arron and Caroline. Now, one year later on 28th December, just after a relaxed Christmas time, they invited again – for the next #BSidesHH. It was powered by the great location at the University of Hamburg as well as by more attendees compared to last year…


  • CVE-2015-5956: Bypassing the TYPO3 Core XSS Filter

    TYPO3 is the most widely used enterprise content management system with more than 500.000 installations. I have recently discovered a Non-Persistent Cross-Site Scripting vulnerability in its core and disclosed the details of the vulnerability publicly as CVE-2015-5956. This blog article should give you some insights about the vulnerability, because it’s not only a simple XSS, but a rather…


  • CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program

    I have published another security advisory about a vulnerability, which I have “recently” reported to Yahoo! via their Bug-Bounty program hosted by HackerOne. So this blog post is about the technical details of the CVE-2014-7216 (which is not very thrilling), but more about my experience with Yahoo’s Bug Bounty program. CVE-2014-7216: Attacking Yahoo! Messenger Users with Emoticons 🙂 😛…
