All Articles rooted via syncthing

In May last year (2022) I found and disclosed a vulnerability on a subdomain of Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the /root/.ssh directory.

Here is the report I sent to CERT India (forgive the format, it was written in a rush).

[You can also open the pdf directly here.](/pdfs/Full Disclosure Root Compromise.pdf)

Published Feb 9, 2023

Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.