As you may have noticed, I have posted a couple of articles about my SecurityTube Linux Assembly Expert exam during the last months. Now that I have successfully completed the course, I just want to share my thoughts about it for those of you
SLAE: Custom Crypter (Linux/x86)
SLAE: Polymorphic Shellcodes (Linux/x86)

Question: How can signature-based Intrusion Detection systems be defeated? Answer: Using polymorphic shellcodes! This might sound really crazy and cyber, but it has nothing to do with inventing fancy new hacking techniques, it’s rather about puzzling. By replacing assembly instructions with other assembly instructions
Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass
BSidesHH: Ambiguity is Insecurity
CVE-2015-5956: Bypassing the TYPO3 Core XSS Filter

TYPO3 is the most widely used enterprise content management system with more than 500.000 installations. I have recently discovered a Non-Persistent Cross-Site Scripting vulnerability in its core and disclosed the details of the vulnerability publicly as CVE-2015-5956. This blog article should give you
CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program
SLAE: Dissecting Msfvenom Payloads (Linux/x86)
Modern Lords of War

The Wassenaar Arrangement. Maybe you have already heard about that. With the implementation of this multilateral export control regime on conventional arms, dual-use goods and technologies, security researchers like me could be called lords of war and weapons dealers now – sounds cool, but unfortunately it’s