RSS.Social

Staaldraad

Posts

metatrapd - Metadata and honeypots

About Me

Profile

Accessibility in Security

Thoughts on Threat Modeling

Universal RCE with Ruby YAML.load (versions > 2.7)

CVE-2020-25695 Privilege Escalation in Postgresql (Spanish-language post)

CVE-2020-25695 Privilege Escalation in Postgresql

Argument injection and getting past shellwords.escape

CVE-2019-13139 - Docker build code execution

Bypassing Docker Authz Plugin and Using Docker-Containerd for Privesc

Go get -u CVE-2018-16873

Universal RCE with Ruby YAML.load

Dockerfile for creating a git repository to serve CVE-2018-11235

Getting root on a Kubernetes node with gitRepo and CVE-2018-11235

CVE-2018-11235 git RCE

CVE-2017-17405 RCE in Ruby's FTP lib

Quick win with GraphQL

Cross Posting - Other Blog Posts

netstat without netstat

Polycom HDX Series RCE

MSWord - Obfuscation with Field Codes

Phishing with OAuth and o365/Azure

NAT-to-NAT VPN with WireGuard

XXE FTP Server - A {web,ftp}-server for XXE

tcpprox - An intercepting TCP proxy

Powershell Shells

Viewing, modifying and replaying websockets

Abusing File Converters

Huawei Quidway Password Extraction

Mongo Shell escape

Hipsters and data