Posts
Reversing the CVE-2022-26135 update for fun and PoC
Analyzing and exploiting an SSRF vulnerability in Atlassian Jira
How can the server-side request forgery (SSRF) vulnerability in Atlassian Jira be exploited? What indicators are present after a successful exploitation? How was the vulnerability fixed?
Reporting another subdomain takeover vulnerability
When I was first scanning for abandoned CNAME entries and found subdomains of welt.de which could have easily been taken over, I also found a vulnerable subdomain at bmw.de. The backstory is the same as in that other post so I won’t repeat it here.
Finding and reporting a subdomain takeover vulnerability
Being inspired by Patrik Hudak accomplishing a subdomain takeover at starbucks.com, I decided to scan for some abandoned DNS records. From a different project I still had a script ready to search for a target domain’s subdomains on crt.sh and extended that to find subdomains with non-resolvable CNAME records.
Windows Server 2019 Proxmox Template
Creating and deploying a Windows Server 2019 template on Proxmox
This post is about creating a template for Windows Server 2019 on Proxmox, selecting some default settings and deploying a first VM from that template.
Setting up acme-dns on CentOS 7 and configuring a client
In this post an acme-dns server will be set up and a client will acquire a Let’s Encrypt certificate using the DNS-01 challenge.