Joakim Uddholm

Hello! I'm not sure what brings you here, but you're welcome all the same. On this site you should expect to find some of my personal thoughts and projects. I write here mostly for myself to reference and remember past things I've done or thought.

About Me

image of Joakim Uddholm

I'm Joakim Uddholm, a Swedish hacker/developer based in Berlin, Germany. I'm currently employed at Klarna as a Security Engineer. In the past I also worked for Awave, Payson, briefly at Bambora, then I moved to Berlin where I worked at Wellnow, then N26.

At one point I studied computer science at KTH. I graduated from there with a master degree 🍾

In my free time I like to play games, watch movies or read books. My favourite fast food is korean bulgogi from Mmaah, in Berlin, and Chipi Chipi Bombón, in Berlin makes my favourite ice cream.

Programming 🛠️

I feel fairly proficient in any of these languages: Python, Go, Java, C/C++, C#, PHP, SQL, JavaScript. Given the choice, I like to do my programming in Go and Linux. However a lot of work I've done involves the previously mentioned languages.

Ideally, I pick the language for the task, since they are more or less the similar in structure. Typically I adapt to what the team I work with needs.

Check out my github page for some of my (mostly incomplete) projects and code.

Security 🛡️

I have a few years of security experience at this point, and it's what I work with.

I've done a fair bit of whitehat hacking, disclosing vulnerabilities to companies/organizations, ask me at some point and I can probably tell you some stories.
I've helped build a SOC and been part of that rotation, though briefly.
These days I work mainly with Threat Modeling, and tooling that helps developers write more secure code. I lead development of Gram - the threat modeling diagram tool.

Posts

Filter by tag: all security (20) linux (17) cryptography (10) sysadmin (10) cheatsheet (10) python (7) wifi (4) android (3) .net (2) javascript (2) fitness (1) retrospective (1) architecture (1) philosophy (1) devops (1) go (1) anonymity (1)

2025 Jun 14Removing uninstallable apps from Android via adb
2024 Apr 17Setting up keepassxc with yubikey
2023 Oct 15Resetting HP M15w
2023 Mar 09Claiming a microsoft shorturl for an easy phish
2023 Feb 17Bitbucket CSRF on SSH Add Key Endpoint via superdomain cookie
2023 Feb 09kms.nhp.gov.in rooted via syncthing
2022 Feb 05Quick way to scrape websites
2021 Aug 29Python Logging Cheatsheet
2021 Aug 04Exfiltrating Past CSP Directives
2021 Jan 05Revoking a PGP Key from MIT's Key Server
2021 Jan 04Yubikey OpenPGP Setup for SSH and Commit Signing
2020 May 07Setting up RAID1 with mdadm
2020 Apr 04Setting up Thinkpad dockd
2020 Feb 15Setting up Brother DS620 on Linux
2020 Feb 02Replacing Cronjobs with Systemd Timers
2019 Nov 19Github Docker Packages Username Fix
2019 Oct 05Reverting to a Previous Kernel
2019 Aug 17Recovering a RAID 1 Drive in Linux
2019 Jul 04Veracrypt Cheatsheet
2019 Jun 29PulseAudio cheatsheet
2019 May 06Webhotel using traefik, docker and ssh
2019 Mar 18How to add custom alert sounds to Gnome (Ubuntu 18.04)
2019 Feb 20Quick EC2 IPv6 Tutorial
2019 Jan 28How to copy a MongoDB Database
2019 Jan 10Terraforming S3 Policies to an EC2 IAM Role
2018 Dec 29What I Learned Last Year at Work
2018 Nov 07Linux Services Cheatsheet
2018 Nov 07A Microservices Guideline
2018 Oct 05A hacky way to disable express-jwt expiry for development
2018 Sep 24A small Golang webservice Dockerimage
2018 Jun 29IMAP Tools for migrating email accounts
2018 May 29Tagging docker images differently based on git branch
2018 May 21CI/CD CV
2018 Mar 19Working locally with Docker containers
2018 Mar 05Custom Application Launchers in Linux
2018 Feb 24Graphing the Ferryman Problem
2017 Jan 31Stored XSS via Swish Transaction
2016 Oct 30tamperfree
2016 Jul 09Easier Authentication for your Mobile Apps
2015 Oct 14Setting up a Tor hidden service
2015 Aug 03Revisiting the Free Wifi on Destination Gotland
2015 Apr 21Teaching
2015 Apr 17Url Secrets
2015 Feb 24Apache HTTPS Configuration
2015 Feb 23Rolling my own Certificate Authority
2015 Jan 24SSLStrip
2015 Jan 21Ettercap, Arpspoof and DNSSpoof Examples
2014 Dec 05Enumerating Cinema Tickets
2014 Oct 22Android mmssms.db
2014 Oct 08Sandboxing SFTP users
2014 Sep 19One.com CSRF and XSS
2014 Sep 19FitBit CSRF and XSS
2014 Jul 05My Running
2014 Jun 26Bypassing Authentication to a Paid Wifi Hotspot
2014 Jun 21MD5 Length Extension Attack
2014 Jun 20MTG: Small AngularJS project
2014 May 31AuthorizeAttribute
2014 May 27label clickjacking and javascriptless csrf
2014 May 12Web Timing Attacks, Continued
2014 May 08Getting timing output from CSRF exploits
2014 Apr 20QR Codes as Password Storage?
2014 Apr 09Predicting .NET Guid.NewGuid()
2014 Apr 01First Post