I enjoy getting lost in work. I mean, really enjoy it. I forget to eat and sleep, especially when developing software. There is something addicting about building an MVP as fast as possible, finding the perfect architecture, refactoring your previous hacks, and eventually making your code observable and running smoothly. Whenever I take a vacation,… Continue reading Vacation Traditions
Honest Attempts to Secure an Ecosystem
I have used my off-time from audits in the past months to write more about security. Especially in a nascent ecosystem like Ethereum still is, the most considerable impact can be delivered by educating people. Education has to happen in different modes of complexity, depending on the target audience: Developers must be educated on how… Continue reading Honest Attempts to Secure an Ecosystem
Remembering my Dad
On March 11, 18:11, my dad passed away. After about a year with lung cancer and two weeks with COVID-19, he finally does not have to struggle anymore. I miss him dearly. After he got COVID, the doctors diagnosed him with pneumonia. He spent a week in the hospital before being released. He needed oxygen… Continue reading Remembering my Dad
HackTheBox Registry Write-up
Registry is a box rated at hard difficulty. There are quite a few steps involved, but with a bit of persistence and a little experience with Docker internals (hint hint), it looks more daunting than it actually is. Let's go through the process of breaking in step by step! Our initial nmap scan is as unexciting… Continue reading HackTheBox Registry Write-up
HackTheBox Fuzzy Write-up
Fuzzy is a fun and short challenge on a docker container. It is especially good for teaching beginners the basics of using a fuzzer to discover new endpoints on a webserver. Spawning the container and probing around a bit, we don't have too much success. Using dirbuster and a standard wordlist, we find the endpoint… Continue reading HackTheBox Fuzzy Write-up
HackTheBox Mango Write-up
Mango was an interesting box when it comes to enumeration. It taught me to look more closely and not brush off anything just because I have seen it before. The box is also a prime lesson to aggregate your recon info in a structured manner so it's easier to apply it at other points when… Continue reading HackTheBox Mango Write-up
Construct Truffle Artifact Source Lists
This is a quick and dirty workaround for an issue that has been bugging me a lot. Truffle is one of the central, if not the most central development tool for building smart contracts on Ethereum to date. When compiling a Truffle project, the output is stored in build/contracts by default. An… Continue reading Construct Truffle Artifact Source Lists
HackTheBox Postman Write-up
Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is little resistance on the inside. Let's start out by scanning the machine: # nmap -sS… Continue reading HackTheBox Postman Write-up
The Web3 API has come to Python!
Last week I received an email in my inbox about a hackathon hosted by the awesome folks over at Amberdata. They are a provider of on-chain data and cover a large variety of blockchains - including Ethereum, Bitcoin, and Stellar. I met the developers on the team in late 2018 when I was looking… Continue reading The Web3 API has come to Python!
The 36C3 Telnet Challenge (a.k.a. Cat CTF)
This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and… Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)