Hello! I'm not sure what brings you here, but you're welcome all the same. On this site you should expect to find some of my personal thoughts and projects. I write here mostly for myself to reference and remember past things I've done or thought.
About Me
I'm Joakim Uddholm, a Swedish hacker/developer based in Berlin, Germany. I'm currently employed at Klarna as a Security Engineer. In the past I also worked for Awave, Payson, briefly at Bambora, then I moved to Berlin where I worked at Wellnow, then N26.
At one point I studied computer science at KTH. I graduated from there with a master degree 🍾
In my free time I like to play games, watch movies or read books. My favourite fast food is korean bulgogi from Mmaah, in Berlin, and Chipi Chipi Bombón, in Berlin makes my favourite ice cream.
Programming 🛠️
I feel fairly proficient in any of these languages: Python, Go, Java, C/C++, C#, PHP, SQL, JavaScript. Given the choice, I like to do my programming in Go and Linux. However a lot of work I've done involves the previously mentioned languages.
Ideally, I pick the language for the task, since they are more or less the similar in structure. Typically I adapt to what the team I work with needs.
Check out my github page for some of my (mostly incomplete) projects and code.
Security 🛡️
I have a few years of security experience at this point, and it's what I work with.
- I've done a fair bit of whitehat hacking, disclosing vulnerabilities to companies/organizations, ask me at some point and I can probably tell you some stories.
- I've helped build a SOC and been part of that rotation, though briefly.
- These days I work mainly with Threat Modeling, and tooling that helps developers write more secure code. I lead development of Gram - the threat modeling diagram tool.
Posts 
- 2025 Jun 14Removing uninstallable apps from Android via adb
- 2024 Apr 17Setting up keepassxc with yubikey
- 2023 Oct 15Resetting HP M15w
- 2023 Mar 09Claiming a microsoft shorturl for an easy phish
- 2023 Feb 17Bitbucket CSRF on SSH Add Key Endpoint via superdomain cookie
- 2023 Feb 09kms.nhp.gov.in rooted via syncthing
- 2022 Feb 05Quick way to scrape websites
- 2021 Aug 29Python Logging Cheatsheet
- 2021 Aug 04Exfiltrating Past CSP Directives
- 2021 Jan 05Revoking a PGP Key from MIT's Key Server
- 2021 Jan 04Yubikey OpenPGP Setup for SSH and Commit Signing
- 2020 May 07Setting up RAID1 with mdadm
- 2020 Apr 04Setting up Thinkpad dockd
- 2020 Feb 15Setting up Brother DS620 on Linux
- 2020 Feb 02Replacing Cronjobs with Systemd Timers
- 2019 Nov 19Github Docker Packages Username Fix
- 2019 Oct 05Reverting to a Previous Kernel
- 2019 Aug 17Recovering a RAID 1 Drive in Linux
- 2019 Jul 04Veracrypt Cheatsheet
- 2019 Jun 29PulseAudio cheatsheet
- 2019 May 06Webhotel using traefik, docker and ssh
- 2019 Mar 18How to add custom alert sounds to Gnome (Ubuntu 18.04)
- 2019 Feb 20Quick EC2 IPv6 Tutorial
- 2019 Jan 28How to copy a MongoDB Database
- 2019 Jan 10Terraforming S3 Policies to an EC2 IAM Role
- 2018 Dec 29What I Learned Last Year at Work
- 2018 Nov 07Linux Services Cheatsheet
- 2018 Nov 07A Microservices Guideline
- 2018 Oct 05A hacky way to disable express-jwt expiry for development
- 2018 Sep 24A small Golang webservice Dockerimage
- 2018 Jun 29IMAP Tools for migrating email accounts
- 2018 May 29Tagging docker images differently based on git branch
- 2018 May 21CI/CD CV
- 2018 Mar 19Working locally with Docker containers
- 2018 Mar 05Custom Application Launchers in Linux
- 2018 Feb 24Graphing the Ferryman Problem
- 2017 Jan 31Stored XSS via Swish Transaction
- 2016 Oct 30tamperfree
- 2016 Jul 09Easier Authentication for your Mobile Apps
- 2015 Oct 14Setting up a Tor hidden service
- 2015 Aug 03Revisiting the Free Wifi on Destination Gotland
- 2015 Apr 21Teaching
- 2015 Apr 17Url Secrets
- 2015 Feb 24Apache HTTPS Configuration
- 2015 Feb 23Rolling my own Certificate Authority
- 2015 Jan 24SSLStrip
- 2015 Jan 21Ettercap, Arpspoof and DNSSpoof Examples
- 2014 Dec 05Enumerating Cinema Tickets
- 2014 Oct 22Android mmssms.db
- 2014 Oct 08Sandboxing SFTP users
- 2014 Sep 19One.com CSRF and XSS
- 2014 Sep 19FitBit CSRF and XSS
- 2014 Jul 05My Running
- 2014 Jun 26Bypassing Authentication to a Paid Wifi Hotspot
- 2014 Jun 21MD5 Length Extension Attack
- 2014 Jun 20MTG: Small AngularJS project
- 2014 May 31AuthorizeAttribute
- 2014 May 27label clickjacking and javascriptless csrf
- 2014 May 12Web Timing Attacks, Continued
- 2014 May 08Getting timing output from CSRF exploits
- 2014 Apr 20QR Codes as Password Storage?
- 2014 Apr 09Predicting .NET Guid.NewGuid()
- 2014 Apr 01First Post