[CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI

Kardex MLOG has an insecure path join, which allows files to be included locally or from a remote SMB server. In combination with the template rendering of .t4 files, SSTI is possible and allows for RCE. This blog post will describe how I found this vulnerability and how to leverage it to gain a reverse shell.

Can an AI design a CTF Challenge in Golang?

In this blog post I want to test the new ChatGPT AI and see if I can design a CTF challenge written in Golang, aided by the AI.

My journey to OSWE

This blog post will give an insight into the world of becoming an Offensive Web Expert and how it compared to OSEP.

Bug Bounty - Cross-site request forgery is a thing

In this post I will explain when CSRF can be a serious issue. I will use an example for which I was awarded $2.400 as a bounty.

I hacked the German armed forces, and all I got …

This blog post will describe my adventure with the German armed forces and how I earned more than just a lousy T-Shirt. Topic: Vulnerability Disclosure Policy - Deutsche Bundeswehr