Can Nginx Configurations Be Vulnerable to ReDoS Expressions?

18 Feb 2025 - 2 minute read

proxy_pass: nginx's Dangerous URL Normalization of Paths

15 Feb 2025 - 11 minute read

Extracting TLS Session Keys in Burp Proxy à la SSLKEYLOGFILE

15 Feb 2025 - 1 minute read

Debugging failures of HTTP/2 in Burp, mitmproxy, and browsers

14 Feb 2025 - 6 minute read

NodeJS, nvm, yarn, and npm on MacOS in 2025

13 Feb 2025 - 1 minute read

CodeQL on MacOS

13 Feb 2025 - 2 minute read

Updating FreeBSD's datetime without DNS

02 Feb 2025 - less than 1 minute read

Feedburner's Caching Problem

01 Feb 2025 - 4 minute read

Some Thoughts on "Fixing Security Issues"

08 Nov 2024 - 5 minute read

Webcam support on a Macbook running FreeBSD using PCI passthrough

07 Oct 2024 - 14 minute read

Losing Sight and Vision of Your Mission and Culture: Part 2

29 Sep 2024 - 2 minute read

Crawling every Debian .deb package in history from snapshot.debian.org, learning the .deb format, and finding rate-limiting bypasses

26 Sep 2024 - 23 minute read

A Full Guide: FreeBSD 13.3 on a MacBook Pro 11.4 (Mid 2015) (A1398)

23 Sep 2024 - 54 minute read

Comparing different versions of AWK with WebAssembly

29 Aug 2024 - 3 minute read

An automatic captive-portal resolver and DNS white-lister for DNS over TLS with Unbound

25 Aug 2024 - 3 minute read

BCM43602: Debugging a Wifi chipset causing a whole-system hang with FreeBSD's bhyve VM

21 Aug 2024 - 36 minute read

Exclusive i3 keysyms for specific programs. or: Binding Escape on imagemagick's import

24 Jul 2024 - 2 minute read

Encrypted NTP using NTS and chrony on FreeBSD

07 Jul 2024 - 2 minute read

Encrypted DNS over TLS on FreeBSD with Unbound, and Blocking Unencrypted DNS Traffic

06 Jul 2024 - 7 minute read

Cute color progression for my battery status indicator

01 Jul 2024 - 2 minute read

Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more

27 Jun 2024 - 8 minute read

On using private browsing mode for half a year

18 Jun 2024 - 5 minute read

Supply chain attacks and the many (other) different ways I've backdoored your dependencies

02 May 2024 - 4 minute read

A DoS Attack in RuneScape: In 3-Dimensions!

01 Apr 2024 - 2 minute read

The End of Yubikeys as 2-Factor-Authentication? Google Breaks 2FA with Yubikeys in Favor of Passkeys

02 Feb 2024 - less than 1 minute read

Mounting and reading an ext4 drive on MacOS

24 Jan 2024 - 1 minute read

A RuneScape Hacker's Dream: An Authenticator and PIN Bypass

16 Jan 2024 - 13 minute read

Credential Stuffing Done Right: Some Tips

15 Jan 2024 - 5 minute read

Automatically Generating a Well-Tuned Fuzzing Campaign With AFL++

12 Jan 2024 - 6 minute read

SSH-Snake Update: Multi-IP Domain Resolution

11 Jan 2024 - 5 minute read

On the Google Account Persistence Exploit

09 Jan 2024 - 3 minute read

Firefox now automatically trusting the operating system's root store for TLS certificates (update: and now it doesn't!)

09 Jan 2024 - 2 minute read

LDAP Watchdog: Real-time LDAP Monitoring for Linux and OpenLDAP

06 Jan 2024 - 7 minute read

SSH-Snake: Automatic traversal of networks using SSH private keys

04 Jan 2024 - 53 minute read

Fuzzing with memfd_create(2) and fmemopen(3)

02 Jan 2024 - 4 minute read

Bash and SSH fun: SSH is eating my stdin! Or: why does my Bash script not continue after returning from a function?

19 Dec 2023 - 1 minute read

No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability

16 Dec 2023 - 3 minute read

SSH Adventures Continued: Invalid CVE-2018-15473 Patches

09 Dec 2023 - 2 minute read

Losing Sight and Vision of Your Mission and Culture

07 Dec 2023 - 1 minute read

More fun with bash: bash, ssh, and ssh-keygen version quirks

15 Nov 2023 - 5 minute read

Dumping bash variable values from memory using gdb

12 Nov 2023 - 6 minute read

Playing with SSH: carriage returns on stderr output

10 Nov 2023 - 1 minute read

Fuzzing glibc's libresolv's res_init()

07 Nov 2023 - 3 minute read

Revisiting My Old Blog

05 Nov 2023 - 6 minute read

Revisiting the past: Security recommendations of a 17-year-old Joshua

04 Nov 2023 - 4 minute read

How to DoS MySQL/MariaDB and PostgresSQL Servers With Fewer Than 55kb of Data

17 Oct 2023 - 5 minute read

55 Vulnerabilities in Squid Caching Proxy and 35 0days

11 Oct 2023 - 4 minute read

root with a single command: sudo logrotate

01 Oct 2023 - 6 minute read

Fuzzing with multiple servers in parallel: AFL++ with Network File Systems

17 Sep 2023 - 4 minute read

CVE-2023-4863: Fallout hits Facebook; probably much much more

13 Sep 2023 - 2 minute read

Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154

05 Sep 2023 - 6 minute read

Tracking a secret LoginTime LDAP attribute with Operational Attributes

22 Aug 2023 - 3 minute read

My Wrocław tourism tips and recommendations

20 Aug 2023 - 29 minute read

Slack login is broken with noscript

20 Aug 2023 - 4 minute read

Improve nmap's service scanning with this 1 weird trick!

18 Aug 2023 - 4 minute read

Speeding up nmap service scanning 16x

13 Aug 2023 - 8 minute read

5 Tips For Port Service Scanning 16x Faster: Part 1

30 Jul 2023 - 3 minute read

Describing All Kubernetes Pods of All Namespaces for Fun and Profit

12 Jul 2023 - less than 1 minute read

Stealing All of Hashicorp Vault's Secrets Using Login Enumeration

10 Jul 2023 - 3 minute read

Achieving persistence with a hidden SSH backdoor

26 Jun 2023 - 4 minute read

Attacking a temperamental ten-year-old Jenkins server

21 Feb 2023 - 2 minute read

Attacking a scripting language's cryptographic functions with Wycheproof

05 Jun 2022 - 5 minute read

Creating an eBay crawler for fun and profit

18 Apr 2022 - 12 minute read

How I got into the security industry

14 Apr 2022 - 16 minute read

Older Newer