Posts by Category

Advisory

Exploit

ABBS Audio Media Player v3.1 WinALL Exploit

5 minute read

A few weeks ago, one of my followers asked me if I could help him write a functional exploit for the current version of the Audio Media Player by ABBS becaus...

BugBounty

H1-3120: MVH! (H1 Event Guide for Newbies)

2 minute read

Here’s another late post about my coolest bug bounty achievement so far! In May I participated in HackerOne’s H1-3120 in the beautiful city of Amsterdam w...

Upgrade from LFI to RCE via PHP Sessions

3 minute read

I recently came across an interesting Local File Inclusion vulnerability in a private bug bounty program which I was able to upgrade to a Remote Code Executi...

PayPal Bug Bounty: PayPaltech.com XSS

less than 1 minute read

Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the d...

Coordinations

Microsoft Fixes 7 XSS Flaws on MSN

less than 1 minute read

Earlier this year, I reported 7 XSS flaws on different pages of the Dutch MSN Entertainment site to the Microsoft Security Response Center (MSRC case #141...

ICQ Fixes Referer - Based XSS Vulnerability

1 minute read

I’ve reported an interesting Cross-Site Scripting flaw on the official website of ICQ, the world’s probably best known and most used Cross-Platform Messaging...

Hamburg.de fixes security flaw within hours!

less than 1 minute read

Hamburg.de - The website of the most beautiful city in Germany which is famous for its big port and its amazing atmosphere. Some days ago I had found a Non-P...

RCE

Upgrade from LFI to RCE via PHP Sessions

3 minute read

I recently came across an interesting Local File Inclusion vulnerability in a private bug bounty program which I was able to upgrade to a Remote Code Executi...

Certifications

SLAE Course and Exam Review

4 minute read

As you may have noticed, I have posted a couple of articles about my SecurityTube Linux Assembly Expert exam during the last months. Now that I have successf...

SLAE: Custom Crypter (Linux/x86)

7 minute read

Do you want to fool antivirus software? When you look through hacking forums for a solution to this, you will likely encounter the term “crypter”. You will a...

SLAE: Polymorphic Shellcodes (Linux/x86)

9 minute read

Question: How can signature-based Intrusion Detection systems be defeated? Answer: Using polymorphic shellcodes! This might sound really crazy and cyber, but...

SLAE: Custom RBIX Shellcode Encoder/Decoder

12 minute read

Anti-Virus and Intrusion Detection Systems could become really nasty during a penetration test. They are often responsible for unstable or ineffective exploi...

SLAE: Egg Hunters (Linux/x86)

12 minute read

Happy Easter everyone! Have you already found all your hidden eggs? No? Then I’ve got the ultimate solution for everyone who’s still missing some eggs ;-) ! ...

SLAE: Shell Bind TCP Shellcode (Linux/x86)

15 minute read

Do you like uncommon challenges? At least I do, and that’s the reason why I’ve signed up for the SecurityTube Linux Assembly Expert training. But what’s this...

OSCP Course and Exam Review

6 minute read

As you may have noticed - it went quiet on my blog in the last few weeks. I was heavily working on the challenging Offensive-Security Labs to obtain my Offen...

eCPPT Course and Exam Review

3 minute read

Great news! I just received an email from Armando Romeo from eLearnSecurity that I have PASSED the eCPPT exam :-)!!!

News

Modern Lords of War

5 minute read

The Wassenaar Arrangement. Maybe you have already heard about that. With the implementation of this multilateral export control regime on conventional arms, ...

Redesign Completed

less than 1 minute read

Today I received my long-awaited mail from Christian (@Crilogs) including my brand new logo. You have to visit his website and check out his other hand-made ...

Hello world!

less than 1 minute read

Welcome to my blog about IT-Security, Vulnerability Researching, Reverse Engineering, Linux and creativity in general :-). This blog will contain everything...

Playground

City of Cons: 31C3 Meets BSidesHH

4 minute read

While the year 2014 comes to an end, two very interesting conferences have taken place in Hamburg. The annual Chaos Communication Congress 31C3 occupied the ...

Solution for Greedy Fly’s KeyGenMe v1.6

9 minute read

I like puzzles, they keep your mind up2date! So I’ve just registered over at crackmes.de because it really looks like a lot of fun - and I like fun especiall...

Tutorials

Conferences

HamburgSides 2016: Magic Superpowers!

4 minute read

The year 2016 comes to an end quickly and so it was time for another Sides conference. This year’s HamburgSides, formerly known as BSidesHH, was held in the ...

BSidesHH: Ambiguity is Insecurity

4 minute read

Hamburg - just about one year ago, the first BSides was organized by Arron and Caroline. Now, one year later on 28th December, just after a relaxed Christmas...

CTF

H1-212 CTF: Breaking the Teapot!

13 minute read

With the h1-212 CTF, HackerOne offered a really cool chance to win a visit to New York City to hack on some exclusive targets in a top secret location. To be...

HackademicRTB2 and the Art of Port Knocking

15 minute read

After successful rooting of HackademicRTB1 which wasn’t very hard at all, here’s the second hackme, provided by GhostInTheLab, which is a bit more difficult ...

SQLi

XSS
