Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.
Resetting HP M15w
Trying to find instructions on how to reset the M15w printer to set up a new wifi connection was annoying enough that I wrote it down.
ReadClaiming a microsoft shorturl for an easy phish
**tl;dr;** Microsoft has an internal use shorturl service at **go.microsoft.com** that can be enumerated for hijackable links. It might be useful for you as a red teamer if you want to phish windows users.
ReadBitbucket CSRF on SSH Add Key Endpoint via superdomain cookie
In October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self hosted version). Since it has now been patched, here are the details.
Readkms.nhp.gov.in rooted via syncthing
In May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the `/root/.ssh` directory.
ReadQuick way to scrape websites
In this post I want to show a quick way to scrape websites using the python package requests-html and firefox's developer tools.
ReadExfiltrating Past CSP Directives
An example of using Google Analytics to exfiltrate past CSP directives on HackerOne
ReadRevoking a PGP Key from MIT's Key Server
Instructions on how to revoke your public PGP key from MIT's Key Server.
ReadYubikey OpenPGP Setup for SSH and Commit Signing
Some disorganized notes on how I set up my yubikey for SSH auth and git commit signing.
Read