How I suddenly attended the AWE training in London

This blog post tells the weird story of how I unexpectedly attended the Advanced Windows Exploitation (OSEE) training in London.

My journey to OSED and concluding OSCE³

This blog post gives an insight into the world of becoming an Offensive Security Exploit Developer and concluding the journey to OSCE³.

[CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI

Kardex MLOG has an insecure path join, which allows files to be included locally or from a remote SMB server. In combination with the template rendering of .t4 files, SSTI is possible and allows for RCE. This blog post describes how I found this vulnerability and how to leverage it to gain a reverse shell.

Can an AI design a CTF Challenge in Golang?

In this blog post I want to test the new ChatGPT AI and see if I can design a CTF challenge written in Golang, aided by the AI.

My journey to OSWE

This blog post gives an insight into the world of becoming an Offensive Security Web Expert and how it compared to OSEP.