2025
-
Mar 22
POV: You land at Melbourne Airport
-
Mar 21
wtf Google: cacheable rss feeds are dead, and Atom feeds are delayed
-
Mar 16
Identifying ReDoS Vulnerabilities in Nginx Configurations Using gixy-ng
-
Mar 16
Losing Sight and Vision of Your Mission and Culture: Part 3
-
Mar 16
On being an illegal immigrant, hacking an unlimited Schengen visa, and becoming Polish
-
Feb 18
Can Nginx Configurations Be Vulnerable to ReDoS Expressions?
-
Feb 15
proxy_pass: nginx's Dangerous URL Normalization of Paths
-
Feb 15
Extracting TLS Session Keys in Burp Proxy à la SSLKEYLOGFILE
-
Feb 14
Debugging failures of HTTP/2 in Burp, mitmproxy, and browsers
-
Feb 13
NodeJS, nvm, yarn, and npm on MacOS in 2025
-
Feb 13
CodeQL on MacOS
-
Feb 02
Updating FreeBSD's datetime without DNS
-
Feb 01
Feedburner's Caching Problem
2024
-
Nov 08
Some Thoughts on "Fixing Security Issues"
-
Oct 07
Webcam support on a Macbook running FreeBSD using PCI passthrough
-
Sep 29
Losing Sight and Vision of Your Mission and Culture: Part 2
-
Sep 26
Crawling every Debian .deb package in history from snapshot.debian.org, learning the .deb format, and finding rate-limiting bypasses
-
Sep 23
A Full Guide: FreeBSD 13.3 on a MacBook Pro 11.4 (Mid 2015) (A1398)
-
Aug 29
Comparing different versions of AWK with WebAssembly
-
Aug 25
An automatic captive-portal resolver and DNS white-lister for DNS over TLS with Unbound
-
Aug 21
BCM43602: Debugging a Wifi chipset causing a whole-system hang with FreeBSD's bhyve VM
-
Jul 24
Exclusive i3 keysyms for specific programs. or: Binding Escape on imagemagick's import
-
Jul 07
Encrypted NTP using NTS and chrony on FreeBSD
-
Jul 06
Encrypted DNS over TLS on FreeBSD with Unbound, and Blocking Unencrypted DNS Traffic
-
Jul 01
Cute color progression for my battery status indicator
-
Jun 27
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more
-
Jun 18
On using private browsing mode for half a year
-
May 02
Supply chain attacks and the many (other) different ways I've backdoored your dependencies
-
Apr 01
A DoS Attack in RuneScape: In 3-Dimensions!
-
Feb 02
The End of Yubikeys as 2-Factor-Authentication? Google Breaks 2FA with Yubikeys in Favor of Passkeys
-
Jan 24
Mounting and reading an ext4 drive on MacOS
-
Jan 16
A RuneScape Hacker's Dream: An Authenticator and PIN Bypass
-
Jan 15
Credential Stuffing Done Right: Some Tips
-
Jan 12
Automatically Generating a Well-Tuned Fuzzing Campaign With AFL++
-
Jan 11
SSH-Snake Update: Multi-IP Domain Resolution
-
Jan 09
On the Google Account Persistence Exploit
-
Jan 09
Firefox now automatically trusting the operating system's root store for TLS certificates (update: and now it doesn't!)
-
Jan 06
LDAP Watchdog: Real-time LDAP Monitoring for Linux and OpenLDAP
-
Jan 04
SSH-Snake: Automatic traversal of networks using SSH private keys
-
Jan 02
Fuzzing with memfd_create(2) and fmemopen(3)
2023
-
Dec 19
Bash and SSH fun: SSH is eating my stdin! Or: why does my Bash script not continue after returning from a function?
-
Dec 16
No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability
-
Dec 09
SSH Adventures Continued: Invalid CVE-2018-15473 Patches
-
Dec 07
Losing Sight and Vision of Your Mission and Culture
-
Nov 15
More fun with bash: bash, ssh, and ssh-keygen version quirks
-
Nov 12
Dumping bash variable values from memory using gdb
-
Nov 10
Playing with SSH: carriage returns on stderr output
-
Nov 07
Fuzzing glibc's libresolv's res_init()
-
Nov 05
Revisiting My Old Blog
-
Nov 04
Revisiting the past: Security recommendations of a 17-year-old Joshua
-
Oct 17
How to DoS MySQL/MariaDB and PostgreSQL Servers With Fewer Than 55kb of Data
-
Oct 11
55 Vulnerabilities in Squid Caching Proxy and 35 0days
-
Oct 01
root with a single command: sudo logrotate
-
Sep 17
Fuzzing with multiple servers in parallel: AFL++ with Network File Systems
-
Sep 13
CVE-2023-4863: Fallout hits Facebook; probably much much more
-
Sep 05
Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154
-
Aug 22
Tracking a secret LoginTime LDAP attribute with Operational Attributes
-
Aug 20
My Wrocław tourism tips and recommendations
-
Aug 20
Slack login is broken with noscript
-
Aug 18
Improve nmap's service scanning with this 1 weird trick!
-
Aug 13
Speeding up nmap service scanning 16x
-
Jul 30
5 Tips For Port Service Scanning 16x Faster: Part 1
-
Jul 12
Describing All Kubernetes Pods of All Namespaces for Fun and Profit
-
Jul 10
Stealing All of Hashicorp Vault's Secrets Using Login Enumeration
-
Jun 26
Achieving persistence with a hidden SSH backdoor
-
Feb 21
Attacking a temperamental ten-year-old Jenkins server
2022
-
Jun 05
Attacking a scripting language's cryptographic functions with Wycheproof
-
Apr 18
Creating an eBay crawler for fun and profit
-
Apr 14
How I got into the security industry