2022-07-01

My thoughts on Secure Code Review

This article is going to cover my journey in cyber security, thoughts on secure code review and how to improve your own skills. I have now worked for four years professionally in the cyber security field as consultant, mostly doing white-box assessments …



2022-06-29

Python gems to look out for

A few weeks ago I was looking into Python specific code patterns that would lead to vulnerabilities. I was surprised when I found a few patterns that I hadn’t really thought about, most likely because I never write Python code like the examples I …



2022-02-22

Unauthenticated LFI in Appwrite 0.5.0 <= 0.12.1

While exploring cyber space I stumbled upon a project called Appwrite. Looked interesting, started browsing the code. Eventually, I discovered an undisclosed vulnerability in one of the endpoints allowing an attacker to read local files on the system. The …



2021-11-01

Overwriting HttpOnly cookies with Javascript

So I got in contact with Sam Anttila on twitter regarding his article about overwriting HttpOnly enabled cookies using Javascript, which should not be possible. I asked him if he had verified if Firefox exhibits the same behavior. He answered yes and the …



2020-04-20

Technical Analysis Of The Necr0 Python Malware

I recently got a hold of a malware sample written in python that dropped crypto currency miners, among other things. It was built with Python2.7 and was heavily obfuscated. I decided to analyse it and try to break it apart to understand it better and its …



2020-01-27

SLAE 7: Creating your own crypter using golang

In this article, we will build a simple crypter for encrypting and decrypting shellcode. I chose to implement the crypter in Go using environmental keys. I will not spend time implementing a fancy shellcode execution method in this article, only encryption …