2016-09-10

SEC-T CTF - Confusion Writeup

This time I participated in the SEC-T CTF event and it was pretty fun! I played with a group of people from my university and we managed to get quite some points. But I didn’t manage to solve some of the challenges on time. However this didn’t …



2016-07-21

Exploiting weak Content Security Policy (CSP) rules for fun and profit

This article is based on my findings during a bug bounty. I was looking for any input bugs which could trigger a XSS but didn’t find any until I tested the file upload functionality. Users had the option to drag&drop images into the …



2016-06-22

Creating SYN flood attacks with Python

Today it’s very easy for people to download tools that overwhelm computer systems (denial of service) in order to take them offline. There are different types of attacks that can be used to create a denial of service attack, one of them is the SYN …



2016-06-12

Monitoring your server with Monit

I run a couple of services on my server, some of them are web, teamspeak, irc and an openvpn server. I need to be notified if any of these services becomes unresponsive for some reason. This is where Monit comes in. What is Monit? Monit is a small Open …



2016-06-08

Securityfest CTF - Defacer Challenge Writeup

I actually learned something entirely new on this challenge, I decided I had to do a writeup to share my findings. If you read my previous Securityfest CTF writeup you perhaps know that these challenges were from securityfest held in Sweden, which I …



2016-06-06

Securityfest CTF - Coresec challenge writeup

This challenge was produced by Coresec Systems and was released during Securityfest. I would liked to have spent more time on it during the event but couldn’t really find any time for it. Now the event is over and first year of university is …