Posts
CVE-2024-11497: Privilege escalation on Phoenix Contact CHARX-SEC3xxx charge controllers
Finding a vulnerability through firmware analysis
My methodology, report, and PoC on finding a privilege escalation vulnerability on Phoenix Contact CHARX SEC-3xxx charge controllers with firmware version <1.7.0.
Reversing the CVE-2022-26135 update for fun and PoC
Analyzing and exploiting an SSRF vulnerability in Atlassian Jira
How can the server-side request forgery (SSRF) vulnerability in Atlassian Jira be exploited? What indicators are present after a successful exploitation? How was the vulnerability fixed?
Reporting another subdomain takeover vulnerability
When I was first scanning for abandoned CNAME entries and found subdomains of welt.de which could have easily been taken over, I also found a vulnerable subdomain at bmw.de. The backstory is the same as in that other post so I won’t repeat it here.
Finding and reporting a subdomain takeover vulnerability
Being inspired by Patrik Hudak accomplishing a subdomain takeover at starbucks.com I decided to scan for some abandoned DNS records. From a different project I still had a script ready to search for a target domains subdomains on crt.sh and extended that to find subdomains with non-resolvable CNAME records.
Windows Server 2019 Proxmox Template
Creating and deploying a Windows Server 2019 template on Proxmox
This post is about creating a template for Windows Server 2019 on Proxmox, selecting some default settings and deploying a first VM from that template.