  • AWAE Course and OSWE Exam Review

  • Dell KACE K1000 Remote Code Execution – the Story of Bug K1-18652

  • H1-3120: MVH! (H1 Event Guide for Newbies)

  • H1-415: Hacking My Way Into the Top 4 of the Day

  • City of Cons: 31C3 Meets BSidesHH

    While the year 2014 comes to an end, two very interesting conferences have taken place in Hamburg. The annual Chaos Communication Congress 31C3 occupied the Congress Center of Hamburg (CCH) for 4 days and the first BSidesHH was held in the heart of the city. Luckily, I was able to attend both and would like to recap my experiences and outline their really different […]

  • Google Bug Bounty: Nice Catch on Google Cloud Platform Live

    It’s been a while since I published my last article. This is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here a little bit. Therefore I’ll also keep this blog post a little short, because it’s just for the record. In early September, I stumbled – […]

  • SLAE: Egg Hunters (Linux/x86)

    Happy Easter everyone! Have you already found all your hidden eggs? No? Then I’ve got the ultimate solution for everyone who’s still missing some eggs 😉 ! This assignment in my SecurityTube Linux Assembly Expert certification covers egg hunters! My research is based on the really awesome paper “Safely Searching Process Virtual Address Space” by Matt […]

  • SLAE: Shell Reverse TCP Shellcode (Linux/x86)

    Now Mario meets Luigi… or what’s a bind without a reverse shellcode? I’ve spent some extra time again to reduce the shellcode size and make it fully register aware, so that this shellcode could handle every exploit scenario. It’s therefore currently at a size of 74 bytes, which should make it one of the smallest Linux-based Shell […]

  • SLAE: Shell Bind TCP Shellcode (Linux/x86)

    Do you like uncommon challenges? At least I do, and that’s the reason why I’ve signed up for the SecurityTube Linux Assembly Expert training. But what’s this all about? The founder Vivek Ramachandran summarizes it best: The SecurityTube Linux Assembly Expert (SLAE) aims to teach the basics of assembly language on the Linux platform […]

  • Easy File Management Web Server v5.3 Exploit-Kung Fu

    During the last few days a lot of nice remote exploits have been released over at Exploit-DB by one of my followers, Harold aka superkojiman, targeting applications by EFS Software Inc. First of all: Kudos to Harold, you did a really nice job :-)! As I was looking through his releases, I noticed a special one which immediately drew […]

  • Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)

    The German Magix Software GmbH rewarded me with a Hall of Fame listing and a free Magix Music Maker 2014 Premium license for my reports of several serious security issues in the online infrastructures of magix.com and xara.com, which could be used to break both sites entirely: At this point, I’d like to thank the Magix Security Team for their really fast […]

  • CVE-2014-2087: Free Download Manager CDownloads_Deleted::UpdateDownload() Remote Code Execution

    I’ve discovered another 0day Remote Code Execution flaw in a CNET.com Top10 software of its category, which has been downloaded more than 6 million times right now. Affected Versions and CVSS I’ve successfully verified the vulnerability in the following versions (but any older versions may be affected too): Free Download Manager v3.9.3 build 1360 (latest) […]

  • CVE-2014-2206: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution

    I’ve published another security advisory about a remote code execution vulnerability with a CVSS score of 10,0 today. Affected are all available versions of the GetGo Download Manager, so if you’re still using this software you should immediately switch to a more secure one, because the GetGo project is dead, but still high-rated by cnet.com. […]
