When I find a vulnerability or write a new CodeQL query I will try to share my newly gained knowledge here.
Or if I simply want to blog about something I like :P
Latest Posts
-
BraekerCTF 2024 – Injecting Commands – Writeup
How to reverse engineer a Mach-O binary from BraekerCTF 2024 that breaks all tools.
-
Finding Insecure TrustManagers and Disabled Hostname Verification with CodeQL
Certificates are a cornerstone of what makes Internet communication secure. In this post, I’m going to show how to find multiple CVEs in usage of the Java
TrustManager... -
Cyber Security Rumble Finals CTF 2023 – elkcip – Writeup
In this post, I’m going to show how to solve elkcip from Cyber Security Rumble Finals CTF 2023 and why SMT/SAT solver choice matters.
-
GitHub Universe 2022 Highlighting my JWT Query
My JWT query is highlighted at GitHub Universe 2022 by the GitHub Security Lab as an example for community-driven security contributions.
-
Google CTF 2022 – LOG4J2 – Writeup
In this post I’m going to show how to solve LOG4J2 from Google CTF 2022 and also touch on why the unintended solution for LOG4J1 worked.
-
Finding Insecure JWT Signature Validation with CodeQL
JSON Web Tokens (JWTs) are notorious for vulnerabilities. In this post I’m going to show how to find multiple CVEs in users of the jwtk/jjwt library.
-
From Arbitrary File Write to RCE Using Git Hooks in fossasia/susi_server
In this post I’ll show how to achieve remote code execution using multiple smaller vulnerabilities.
-
Announcing Intrigus' Security Lab
Welcome to Intrigus’ Security Lab (ISL).