Pinned | Hacking the University in a Few Steps | Escalating a Wrong Date to Get Code Execution | Apr 18, 2022
Published in InfoSec Write-ups | How to Get CVEs Online (Fast) | Some thoughts about CVEs | Jan 28, 2024
ExamSys — Multiple SQL Injections | ExamSys is an open source online exam system. During a routine scan through GitHub, this repository was found vulnerable to multiple SQL… | Jan 14, 2024
Till Breach Do Us Part: The Uninvited Guest at Your Wedding | Picture this: you’ve just had the perfect wedding. The vows were spoken, the dance floor was packed, but something was wrong... | Aug 5, 2023
Published in InfoSec Write-ups | Clique Writeup — ångstromCTF 2022 | Mutation XSS in DOMPurify and marked | May 5, 2022
Published in InfoSec Write-ups | Intigriti — XSS Challenge 0621 | XSS via WebAssembly | Jun 27, 2021
Published in InfoSec Write-ups | Intigriti — XSS Challenge 0321 | XSS with CSRF Bypass | Mar 28, 2021
Published in InfoSec Write-ups | Post Office — DaVinciCTF — Writeup | A conversation with a pirate | Mar 14, 2021
Published in InfoSec Write-ups | DaVinciCTF — Web Challenges — Writeup | This weekend, I had the pleasure to play the DaVinci CTF and score first place with my team FAUST. It was great fun and a good quality CTF… | Mar 14, 2021
Published in InfoSec Write-ups | How I Got Access to Other People’s Medium Accounts | The magic of GitHub search, API keys, and automation | Aug 7, 2020
Published in Better Programming | Man in the Middle Attacks via JavaScript Service Workers | Are they possible and are they a real risk? | Jul 22, 2020
Published in InfoSec Write-ups | How I lost my followers on Medium | A bug bounty report | Jul 17, 2020
Published in InfoSec Write-ups | What Companies Should Consider Designing a Bug Bounty Program | A few weeks ago I found a bug in one of PayPal’s APIs that can easily be abused to allow excess fraudulent charges… | Jul 13, 2020
Published in Analytics Vidhya | Reversing and analyzing the cooking app KptnCook — my recipe collection | I reversed the app KptnCook to collect data for one month and analyze them afterwards. In this post I discuss my methods and findings. | Apr 22, 2020
Published in InfoSec Write-ups | How photovoltaic system data ends up online | Another IoT Story | Feb 15, 2020