[CVE-2025-46661] IPW Systems Metazo - Remote Code Execution via unauthenticated SSTI

IPW Systems Metazo had an unauthenticated SSTI that was leading to RCE in it. An unprotected route would happily just evaluate smarty template language leading to unauthenticated RCE directly.
Read more →

How I suddenly attended the AWE training in London

This blog post tells the weird story on how I unexpectedly attended the training for Advanced Windows Exploitation (OSEE) in London
Read more →

My journey to OSED and concluding OSCE³

This blog post will give an insight into the world of becoming an Offensive Security Exploit Developer and concluding the journey to OSCE³
Read more →

[CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI

Kardex MLOG has an insecure path join, which allows to include files locally or from a remote smb server. In combination with the template rendering of .t4 files a SSTI is possible and allows for RCE. This blog post will describe how I found this vulnerability and how to leverage it to gain a reverse shell.
Read more →

Can an AI design a CTF Challenge in Golang?

In this blog post I want to test the new ChatGPT AI and see if I can design a ctf challenge written in golang aided by the AI.
Read more →