by Julien Ahrens | Thursday, September 3, 2015 | Advisory, CVE
I have published another security advisory about a vulnerability, which I have “recently” reported to Yahoo! via their Bug-Bounty program hosted by HackerOne. So this blog post is about the technical details of the CVE-2014-7216 (which is not very...
by Julien Ahrens | Thursday, August 13, 2015 | Certifications
One very common tool among penetration testers is Metasploit, which includes a lot of nice exploits and payloads. The 5th assignment of the SecurityTube Linux Assembly Expert certification is about Metasploit shellcode analyses for Linux/x86 target systems. The...
by Julien Ahrens | Tuesday, July 21, 2015 | General
The Wassenaar Arrangement. Maybe you have already heard about that. With the implementation of this multilateral export control regime on conventional arms, dual-use goods and technologies, security researchers like me could be called lords of...
by Julien Ahrens | Sunday, January 18, 2015 | Certifications
Anti-Virus and Intrusion Detection Systems could become really nasty during a penetration test. They are often responsible for unstable or ineffective exploit payloads, system lock-downs or even angry penetration testers 😉 . The following article is about a...
by Julien Ahrens | Wednesday, December 31, 2014 | Conferences
While the year 2014 comes to an end, two very interesting conferences have taken place in Hamburg. The annual Chaos Communication Congress 31C3 occupied the Congress Center of Hamburg (CCH) for 4 days and the first BSidesHH was held...
by Julien Ahrens | Thursday, November 20, 2014 | Bug Bounty
It’s been a while since I’ve published my last article, this is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here a little bit. Therefore I also keep this blog post a little short, because...
by Julien Ahrens | Saturday, August 23, 2014 | Certifications
Happy Easter everyone! Have you already found all your hidden eggs? No? Then I’ve got the ultimate solution for everyone who’s still missing some eggs 😉 ! This assignment in my SecurityTube Linux Assembly Expert certification covers egg hunters! My...
by Julien Ahrens | Friday, July 25, 2014 | Certifications
Now Mario meets Luigi….or what’s a bind without a reverse shellcode? I’ve spend some extra time again to reduce the shellcode size and make it fully register aware, so that this shellcode could handle every exploit-scenario. It’s therefore...
by Julien Ahrens | Sunday, July 13, 2014 | Certifications
Do you like uncommon challenges? At least I do, and that’s the reason why I’ve signed up for the SecurityTube Linux Assembly Expert training. But what’s this all about ? The founder Vivek Ramachandran summarizes it best: The SecurityTube Linux...
by Julien Ahrens | Saturday, May 31, 2014 | Exploit
During the last few days a lot of nice Remote Exploits have been released over at Exploit-DB by one of my followers Harold aka superkojiman targeting applications by EFS Software Inc. First of all: Kudos to Harold, you did a really nice job :-)! As I...
