Joakim Uddholm

Hello! I'm not sure what brings you here, but you're welcome all the same. On this site you should expect to find some of my personal thoughts and projects. I write here mostly for myself to reference and remember past things I've done or thought.

About Me

image of Joakim Uddholm

I'm Joakim Uddholm, a Swedish hacker/developer based in Berlin, Germany. I'm currently employed at Klarna as a Security Engineer. In the past I also worked for Awave, Payson, briefly at Bambora, then I moved to Berlin where I worked at Wellnow, then N26.

At one point I studied computer science at KTH. I graduated from there with a master degree 🍾

In my free time I like to play games, watch movies or read books. My favourite fast food is korean bulgogi from Mmaah, in Berlin, and Chipi Chipi Bombón, in Berlin makes my favourite ice cream.

Programming 🛠️

I feel fairly proficient in any of these languages: Python, Go, Java, C/C++, C#, PHP, SQL, JavaScript. Given the choice, I like to do my programming in Go and Linux. However a lot of work I've done involves the previously mentioned languages.

Ideally, I pick the language for the task, since they are more or less the similar in structure. Typically I adapt to what the team I work with needs.

Check out my github page for some of my (mostly incomplete) projects and code.

Security 🛡️

I have a few years of security experience at this point, and it's what I work with.

I've done a fair bit of whitehat hacking, disclosing vulnerabilities to companies/organizations, ask me at some point and I can probably tell you some stories.
I've helped build a SOC and been part of that rotation, though briefly.
These days I work mainly with Threat Modeling, and tooling that helps developers write more secure code. I lead development of Gram - the threat modeling diagram tool.

Posts

Filter by tag: all security (20) linux (17) sysadmin (10) cheatsheet (10) cryptography (10) python (7) wifi (4) android (3) javascript (2) .net (2) architecture (1) go (1) devops (1) retrospective (1) fitness (1) anonymity (1) philosophy (1)

2023 Mar 09Claiming a microsoft shorturl for an easy phish
2023 Feb 17Bitbucket CSRF on SSH Add Key Endpoint via superdomain cookie
2023 Feb 09kms.nhp.gov.in rooted via syncthing
2021 Aug 04Exfiltrating Past CSP Directives
2017 Jan 31Stored XSS via Swish Transaction
2016 Oct 30tamperfree
2016 Jul 09Easier Authentication for your Mobile Apps
2015 Oct 14Setting up a Tor hidden service
2015 Aug 03Revisiting the Free Wifi on Destination Gotland
2015 Apr 17Url Secrets
2015 Jan 24SSLStrip
2015 Jan 21Ettercap, Arpspoof and DNSSpoof Examples
2014 Dec 05Enumerating Cinema Tickets
2014 Sep 19One.com CSRF and XSS
2014 Sep 19FitBit CSRF and XSS
2014 Jun 26Bypassing Authentication to a Paid Wifi Hotspot
2014 May 27label clickjacking and javascriptless csrf
2014 May 12Web Timing Attacks, Continued
2014 May 08Getting timing output from CSRF exploits
2014 Apr 20QR Codes as Password Storage?